[conntrack-tools] netlink: conditional build of TCP flags/mask for updates
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Thu Dec 11 20:06:14 CET 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=785b627d0aa06a96d500d32f20c2d6f590b7a55b
commit 785b627d0aa06a96d500d32f20c2d6f590b7a55b
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Dec 11 20:04:44 2008 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Dec 11 20:04:44 2008 +0100
netlink: conditional build of TCP flags/mask for updates
This patch includes the TCP flag/mask attributes in update messages
if this is a TCP connection.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 785b627d0aa06a96d500d32f20c2d6f590b7a55b (commit)
from cda212571533762c525df18fdcf361a93a1a2c31 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 785b627d0aa06a96d500d32f20c2d6f590b7a55b
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Thu Dec 11 20:04:44 2008 +0100
netlink: conditional build of TCP flags/mask for updates
This patch includes the TCP flag/mask attributes in update messages
if this is a TCP connection.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
src/netlink.c | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index 2fabd8d..8ba4fb7 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -228,7 +228,6 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
{
int ret;
- uint8_t flags;
struct nf_conntrack *ct;
ct = nfct_clone(orig);
@@ -267,11 +266,14 @@ int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
/*
* TCP flags to overpass window tracking for recovered connections
*/
- flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+ if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) {
+ uint8_t flags = IP_CT_TCP_FLAG_BE_LIBERAL |
+ IP_CT_TCP_FLAG_SACK_PERM;
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+ }
ret = nfct_query(h, NFCT_Q_UPDATE, ct);
nfct_destroy(ct);
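Review bot: The guard `if (nfct_attr_is_set(ct, ATTR_TCP_STATE))` tests whether the TCP state attribute is present on the cloned entry, while the commit message states the condition as "if this is a TCP connection". The two are equivalent only if every TCP entry handed to nl_update_conntrack() carries ATTR_TCP_STATE; a TCP entry without it would now be updated without IP_CT_TCP_FLAG_BE_LIBERAL, so the window-tracking bypass that the comment above the block describes for recovered connections would silently not be applied. Either extend that comment to state the assumption, or test the layer 4 protocol directly (ATTR_L4PROTO compared against IPPROTO_TCP) so the check matches the stated intent.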