[libnetfilter_conntrack] build: remove unrequired checking in the protocol information
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Jul 8 15:54:51 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=1c450e1595afdc8d1bfabb4f640c9251808426eb
commit 1c450e1595afdc8d1bfabb4f640c9251808426eb
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jul 8 15:53:41 2009 +0200
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jul 8 15:53:41 2009 +0200
build: remove unrequired checking in the protocol information
This patch removes a checking that is performed before building the
protocol private information. This checking silently removed any
protocol attribute if the configuration is inconsistent. With this
change, the kernel reports the error to tell that some attributes
are missing.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 1c450e1595afdc8d1bfabb4f640c9251808426eb (commit)
from 0aad81cf6196de8127e70f30c1bd99422054e22a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1c450e1595afdc8d1bfabb4f640c9251808426eb
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jul 8 15:53:41 2009 +0200
build: remove unrequired checking in the protocol information
This patch removes a checking that is performed before building the
protocol private information. This checking silently removed any
protocol attribute if the configuration is inconsistent. With this
change, the kernel reports the error to tell that some attributes
are missing.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
src/conntrack/build.c | 34 ++++++++++------------------------
1 files changed, 10 insertions(+), 24 deletions(-)
This patch removes a checking that is performed before building the
protocol private information. This checking silently removed any
protocol attribute if the configuration is inconsistent. With this
change, the kernel reports the error to tell that some attributes
are missing.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 4c6a27e..c739396 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -106,13 +106,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
switch(ct->tuple[__DIR_ORIG].protonum) {
case IPPROTO_TCP:
- if (!(test_bit(ATTR_TCP_STATE, ct->set) ||
- (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
- test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
- (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
- test_bit(ATTR_TCP_MASK_REPL, ct->set)))) {
- break;
- }
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
if (test_bit(ATTR_TCP_STATE, ct->set))
@@ -136,11 +129,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
nfnl_nest_end(&req->nlh, nest);
break;
case IPPROTO_SCTP:
- if (!(test_bit(ATTR_SCTP_STATE, ct->set) &&
- (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) &&
- test_bit(ATTR_SCTP_VTAG_REPL, ct->set)))) {
- break;
- }
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP);
if (test_bit(ATTR_SCTP_STATE, ct->set))
@@ -160,20 +148,18 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
nfnl_nest_end(&req->nlh, nest);
break;
case IPPROTO_DCCP:
- if (!(test_bit(ATTR_DCCP_STATE, ct->set) &&
- test_bit(ATTR_DCCP_ROLE, ct->set)))
- break;
-
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_DCCP_STATE,
- &ct->protoinfo.dccp.state,
- sizeof(u_int8_t));
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_DCCP_ROLE,
- &ct->protoinfo.dccp.role,
- sizeof(u_int8_t));
+ if (test_bit(ATTR_DCCP_STATE, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_STATE,
+ &ct->protoinfo.dccp.state,
+ sizeof(u_int8_t));
+ if (test_bit(ATTR_DCCP_ROLE, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_ROLE,
+ &ct->protoinfo.dccp.role,
+ sizeof(u_int8_t));
nfnl_nest_end(&req->nlh, nest_proto);
nfnl_nest_end(&req->nlh, nest);
default:
More information about the netfilter-cvslog
mailing list