[netfilter-cvslog] [libnetfilter_conntrack] fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flags

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue May 20 18:05:59 CEST 2008 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=ff7d53ece9e73e0bda937ad8716482c8cc881fb3
commit ff7d53ece9e73e0bda937ad8716482c8cc881fb3
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue May 20 17:53:08 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue May 20 17:53:08 2008 +0200

    fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flags
       via  ff7d53ece9e73e0bda937ad8716482c8cc881fb3 (commit)
      from  3dedd39ac8c3f4c9b3503e6a9b602fdf0341c7ed (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff7d53ece9e73e0bda937ad8716482c8cc881fb3
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue May 20 17:53:08 2008 +0200

    fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flags

-----------------------------------------------------------------------

 src/conntrack/api.c |   23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 45b03c0..b1347dc 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -767,10 +767,15 @@ void nfct_copy(struct nf_conntrack *ct1,
 	}
 
 	static int cp_orig_mask[] = {
-		ATTR_ORIG_IPV6_SRC,	/* this also copies IPv4 */
+		ATTR_ORIG_IPV4_SRC,
+		ATTR_ORIG_IPV4_DST,
+		ATTR_ORIG_IPV6_SRC,
 		ATTR_ORIG_IPV6_DST,
-		ATTR_ORIG_PORT_SRC,	/* this also copies ICMP */
+		ATTR_ORIG_PORT_SRC,
 		ATTR_ORIG_PORT_DST,
+		ATTR_ICMP_TYPE,
+		ATTR_ICMP_CODE,
+		ATTR_ICMP_ID,
 		ATTR_ORIG_L3PROTO,
 		ATTR_ORIG_L4PROTO,
 	};
@@ -778,17 +783,19 @@ void nfct_copy(struct nf_conntrack *ct1,
 
 	if (flags & NFCT_CP_ORIG) {
 		for (i=0; i<__CP_ORIG_MAX; i++) {
-			if (test_bit(i, ct2->set)) {
+			if (test_bit(cp_orig_mask[i], ct2->set)) {
 				copy_attr_array[cp_orig_mask[i]](ct1, ct2);
-				set_bit(i, ct1->set);
+				set_bit(cp_orig_mask[i], ct1->set);
 			}
 		}
 	}
 
 	static int cp_repl_mask[] = {
-		ATTR_REPL_IPV6_SRC,	/* this also copies IPv4 */
+		ATTR_REPL_IPV4_SRC,
+		ATTR_REPL_IPV4_DST,
+		ATTR_REPL_IPV6_SRC,
 		ATTR_REPL_IPV6_DST,
-		ATTR_REPL_PORT_SRC,	/* this also copies ICMP */
+		ATTR_REPL_PORT_SRC,
 		ATTR_REPL_PORT_DST,
 		ATTR_REPL_L3PROTO,
 		ATTR_REPL_L4PROTO,
@@ -797,9 +804,9 @@ void nfct_copy(struct nf_conntrack *ct1,
 
 	if (flags & NFCT_CP_REPL) {
 		for (i=0; i<__CP_REPL_MAX; i++) {
-			if (test_bit(i, ct2->set)) {
+			if (test_bit(cp_repl_mask[i], ct2->set)) {
 				copy_attr_array[cp_repl_mask[i]](ct1, ct2);
-				set_bit(i, ct1->set);
+				set_bit(cp_repl_mask[i], ct1->set);
 			}
 		}
 	}

More information about the netfilter-cvslog mailing list