[libnetfilter_conntrack] tcp: add support for SYN_SENT2 state

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Jun 10 01:26:58 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=2db01c27b4b234b6da8efa3af3177447dfd36387
commit 2db01c27b4b234b6da8efa3af3177447dfd36387
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jun 10 01:23:50 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jun 10 01:23:50 2009 +0200

    tcp: add support for SYN_SENT2 state
    
    This patch adds support for the new SYN_SENT2 state that Jozsef
    has introduced to support TCP simultaneous open in 2.6.31. We can
    safely include support for this feature now since the LISTEN state
    was not ever really used.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  2db01c27b4b234b6da8efa3af3177447dfd36387 (commit)
      from  8bb593c025100cc03a9b3e03f636dc999f891a1c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2db01c27b4b234b6da8efa3af3177447dfd36387
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Jun 10 01:23:50 2009 +0200

    tcp: add support for SYN_SENT2 state
    
    This patch adds support for the new SYN_SENT2 state that Jozsef
    has introduced to support TCP simultaneous open in 2.6.31. We can
    safely include support for this feature now since the LISTEN state
    was not ever really used.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 .../libnetfilter_conntrack_tcp.h                   |    3 ++-
 src/conntrack/snprintf.c                           |    2 +-
 utils/conntrack_create.c                           |    2 +-
 utils/conntrack_create_nat.c                       |    2 +-
 utils/conntrack_grp_create.c                       |    2 +-
 utils/conntrack_master.c                           |    4 ++--
 utils/expect_create.c                              |    2 +-
 7 files changed, 9 insertions(+), 8 deletions(-)
This patch adds support for the new SYN_SENT2 state that Jozsef
has introduced to support TCP simultaneous open in 2.6.31. We can
safely include support for this feature now since the LISTEN state
was not ever really used.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
index d4b6076..1fd5ef1 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
@@ -22,7 +22,8 @@ enum tcp_state {
 	TCP_CONNTRACK_LAST_ACK,
 	TCP_CONNTRACK_TIME_WAIT,
 	TCP_CONNTRACK_CLOSE,
-	TCP_CONNTRACK_LISTEN,
+	TCP_CONNTRACK_LISTEN,		/* obsolete */
+#define TCP_CONNTRACK_SYN_SENT2		TCP_CONNTRACK_LISTEN
 	TCP_CONNTRACK_MAX,
 	TCP_CONNTRACK_IGNORE
 };
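Review bot: The `/* obsolete */` comment on `TCP_CONNTRACK_LISTEN` does not say that its numeric value is now reused, which is what a caller comparing or logging states needs to know. Code that still tests `state == TCP_CONNTRACK_LISTEN` keeps compiling and will now match connections in the simultaneous-open state, so firewall tooling or monitoring built on this header can silently change meaning. I would spell the reuse out on that line, for example `/* obsolete: value reused as SYN_SENT2 (TCP simultaneous open) since kernel 2.6.31 */`. The enum begins above the hunk, so the earlier enumerators are not visible here.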
diff --git a/src/conntrack/snprintf.c b/src/conntrack/snprintf.c
index 80629a7..452d62f 100644
--- a/src/conntrack/snprintf.c
+++ b/src/conntrack/snprintf.c
@@ -35,7 +35,7 @@ const char *states[TCP_CONNTRACK_MAX] = {
 	[TCP_CONNTRACK_LAST_ACK]	= "LAST_ACK",
 	[TCP_CONNTRACK_TIME_WAIT]	= "TIME_WAIT",
 	[TCP_CONNTRACK_CLOSE]		= "CLOSE",
-	[TCP_CONNTRACK_LISTEN]		= "LISTEN",
+	[TCP_CONNTRACK_SYN_SENT2]	= "SYN_SENT2",
 };
 
 const char *sctp_states[SCTP_CONNTRACK_MAX] = {
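Review bot: The new table entry changes the text printed for this state value from "LISTEN" to "SYN_SENT2" without a comment, so log parsers and detection rules that match on the state name will see a new token. Any entry an older kernel reports with this value would also be labelled SYN_SENT2. A short comment on the new line would record the aliasing, for example `/* same value as the obsolete LISTEN state */`. The code that indexes `states` is outside the hunk. Since the array has exactly `TCP_CONNTRACK_MAX` slots, it is worth confirming that the lookup rejects a state value at or above `TCP_CONNTRACK_MAX` before indexing.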
diff --git a/utils/conntrack_create.c b/utils/conntrack_create.c
index 56a30ff..e304fef 100644
--- a/utils/conntrack_create.c
+++ b/utils/conntrack_create.c
@@ -27,7 +27,7 @@ int main()
 
 	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
 	nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp");
 
diff --git a/utils/conntrack_create_nat.c b/utils/conntrack_create_nat.c
index 327d1d2..3cc65df 100644
--- a/utils/conntrack_create_nat.c
+++ b/utils/conntrack_create_nat.c
@@ -27,7 +27,7 @@ int main()
 
 	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
 
 	nfct_set_attr_u32(ct, ATTR_SNAT_IPV4, inet_addr("8.8.8.8"));
diff --git a/utils/conntrack_grp_create.c b/utils/conntrack_grp_create.c
index 3b62d6d..b77d155 100644
--- a/utils/conntrack_grp_create.c
+++ b/utils/conntrack_grp_create.c
@@ -32,7 +32,7 @@ int main()
 
 	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
 	nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp");
 
diff --git a/utils/conntrack_master.c b/utils/conntrack_master.c
index 1cd7490..d1552a4 100644
--- a/utils/conntrack_master.c
+++ b/utils/conntrack_master.c
@@ -28,7 +28,7 @@ int main()
 
 	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
 
 	h = nfct_open(CONNTRACK, 0);
@@ -66,7 +66,7 @@ int main()
 
 	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
 
 	/* my conntrack master is ... */
diff --git a/utils/expect_create.c b/utils/expect_create.c
index 330ef66..f05df6b 100644
--- a/utils/expect_create.c
+++ b/utils/expect_create.c
@@ -37,7 +37,7 @@ int main()
 
 	nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
 
 	h = nfct_open(CONNTRACK, 0);


