[conntrack-tools] conntrackd: fix wrong TCP handling in unused nl_update_conntrack()

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sun Jun 21 00:31:40 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=9d57b20ca51ee4de21b938bc20f9e3345aa9b02b
commit 9d57b20ca51ee4de21b938bc20f9e3345aa9b02b
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sun Jun 21 00:31:14 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sun Jun 21 00:31:14 2009 +0200

    conntrackd: fix wrong TCP handling in unused nl_update_conntrack()
    
    This patch fixes an incorrect use of nfct_get_attr_u32() instead of
    nfct_get_attr_u8() to obtain the current TCP state. This patch also
    sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT.
    
    The function nl_update_conntrack() is currently unused so this fix
    does not resolve any pending issue.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  9d57b20ca51ee4de21b938bc20f9e3345aa9b02b (commit)
      from  bcb91373d0641c1999d48526411fd857d2baee28 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9d57b20ca51ee4de21b938bc20f9e3345aa9b02b
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Jun 21 00:31:14 2009 +0200

    conntrackd: fix wrong TCP handling in unused nl_update_conntrack()
    
    This patch fixes an incorrect use of nfct_get_attr_u32() instead of
    nfct_get_attr_u8() to obtain the current TCP state. This patch also
    sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT.
    
    The function nl_update_conntrack() is currently unused so this fix
    does not resolve any pending issue.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/netlink.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index cca6f3a..5c07201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -257,7 +257,7 @@ int nl_update_conntrack(struct nfct_handle *h,
 				IP_CT_TCP_FLAG_SACK_PERM;
 
 		/* FIXME: workaround, we should send TCP flags in updates */
-		if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+		if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >=
 						TCP_CONNTRACK_TIME_WAIT) {
 			flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
 		}
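
Review bot: The `>=` in the `nfct_get_attr_u8(ct, ATTR_TCP_STATE) >= TCP_CONNTRACK_TIME_WAIT` test makes the result depend on the numeric order of the TCP_CONNTRACK_* values, which this hunk does not show, so every state numbered after TIME_WAIT now sets IP_CT_TCP_FLAG_CLOSE_INIT. Extend the FIXME comment to name the states this is meant to cover, or compare against them explicitly, so that a state added to the enum later does not pick up the flag silently. The operator change is also a behaviour change separate from the u32-to-u8 getter fix; the commit message mentions both, but splitting them into two commits would make each easier to bisect once nl_update_conntrack() gains a caller.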


