[conntrack-tools] filter: skip protocol state filtering if state not present

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Jul 29 16:01:49 CEST 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=b0a327b7a8fda0ebe936839235394de03b520f5e
commit b0a327b7a8fda0ebe936839235394de03b520f5e
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Jul 29 16:01:41 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Jul 29 16:01:41 2008 +0200

    filter: skip protocol state filtering if state not present
    
    Skip the user-space protocol state filter if the protocol state is not
    present in the event message.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  b0a327b7a8fda0ebe936839235394de03b520f5e (commit)
      from  f52bcb906ba05f67a0a54dfeb9abff0ba6a02c89 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0a327b7a8fda0ebe936839235394de03b520f5e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Jul 29 16:01:41 2008 +0200

    filter: skip protocol state filtering if state not present
    
    Skip the user-space protocol state filter if the protocol state is not
    present in the event message.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/filter.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/filter.c b/src/filter.c
index 6e4d64a..eaf0a93 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -192,6 +192,9 @@ static int __ct_filter_test_state(struct ct_filter *f, struct nf_conntrack *ct)
 
 	switch(protonum) {
 	case IPPROTO_TCP:
+		if (!nfct_attr_is_set(ct, ATTR_TCP_STATE))
+			return -1;
+
 		val = nfct_get_attr_u8(ct, ATTR_TCP_STATE);
 		break;
 	default:
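
Review bot: the new `return -1` in the IPPROTO_TCP case carries no comment saying what -1 means to callers of __ct_filter_test_state(). Going by the commit message it is a "state not present, skip this filter" result, distinct from the match and no-match outcomes, so a one-line comment above the check (or a named constant instead of the bare -1) would make that contract explicit. The caller is not visible in this hunk; it is worth confirming that it tests for -1 explicitly and does not evaluate the return value as a boolean, where -1 would read as true. It would also help to note whether the `default:` branch returns the same value, so that events without TCP state and events for other protocols are handled consistently.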


