[conntrack-tools] netlink: use u8 getter for TCP states

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat Feb 21 16:41:21 CET 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=abaa6410806e8a9a5d66243d56885d7be00ab524
commit abaa6410806e8a9a5d66243d56885d7be00ab524
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat Feb 21 16:38:57 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat Feb 21 16:38:57 2009 +0100

    netlink: use u8 getter for TCP states
    
    This patch replace nfct_get_attr_u32 by nfct_get_attr_u8 which is
    the correct size of a TCP state. Set also the CLOSE_INIT flag for
    CLOSE TCP state (as nf_conntrack_proto_tcp allows).
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  abaa6410806e8a9a5d66243d56885d7be00ab524 (commit)
      from  ae94864dee8596fcaf19ffe5670d192a0efd5fd6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit abaa6410806e8a9a5d66243d56885d7be00ab524
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Feb 21 16:38:57 2009 +0100

    netlink: use u8 getter for TCP states
    
    This patch replace nfct_get_attr_u32 by nfct_get_attr_u8 which is
    the correct size of a TCP state. Set also the CLOSE_INIT flag for
    CLOSE TCP state (as nf_conntrack_proto_tcp allows).
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/netlink.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
This patch replace nfct_get_attr_u32 by nfct_get_attr_u8 which is
the correct size of a TCP state. Set also the CLOSE_INIT flag for
CLOSE TCP state (as nf_conntrack_proto_tcp allows).

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/netlink.c b/src/netlink.c
index ef729c1..cca6f3a 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -192,7 +192,7 @@ int nl_create_conntrack(struct nfct_handle *h,
 				IP_CT_TCP_FLAG_SACK_PERM;
 
 		/* FIXME: workaround, we should send TCP flags in updates */
-		if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+		if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >=
 						TCP_CONNTRACK_TIME_WAIT) {
 			flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
 		}

More information about the netfilter-cvslog mailing list