[conntrack-tools] conntrackd: fix flow-state filtering for TCP

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Dec 23 19:47:42 CET 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8
commit ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Dec 23 19:37:36 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Dec 23 19:40:49 2009 +0100

    conntrackd: fix flow-state filtering for TCP
    
    This patch fixes the clause `State' in `Filter' that allows
    you to filter by protocol state. This bug was introduced during
    the implementation of the TCP-based synchronization.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8 (commit)
      from  65645763ebe870fa01b5c1a5dbe810feb9397ff2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Dec 23 19:37:36 2009 +0100

    conntrackd: fix flow-state filtering for TCP
    
    This patch fixes the clause `State' in `Filter' that allows
    you to filter by protocol state. This bug was introduced during
    the implementation of the TCP-based synchronization.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/read_config_yy.y |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)
This patch fixes the clause `State' in `Filter' that allows
you to filter by protocol state. This bug was introduced during
the implementation of the TCP-based synchronization.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 157e945..6dfca98 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -936,6 +936,9 @@ state_proto: T_STRING
 };
 state: tcp_state;
 
+tcp_states:
+	  | tcp_states tcp_state;
+
 tcp_state: T_SYN_SENT
 {
 	ct_filter_add_state(STATE(us_filter),
@@ -1397,7 +1400,7 @@ filter_item : T_STATE T_IGNORE '{' filter_state_list '}'
 filter_state_list :
 		  | filter_state_list filter_state_item;
 
-filter_state_item : states T_FOR state_proto ;
+filter_state_item : tcp_states T_FOR T_TCP;
 
 stats: T_STATS '{' stats_list '}'
 {

More information about the netfilter-cvslog mailing list