diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-22 15:49:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-22 15:49:14 +0100 |
commit | ad17836eb03998236be259af2312c4a11b3e45f0 (patch) | |
tree | 183cbf56c655d35fa096df12e0bf8185bb0835e6 | |
parent | 88fd3dc90716e9d252cedcd668371743730acdcb (diff) | |
download | conntrack-tools-ad17836eb03998236be259af2312c4a11b3e45f0.tar.gz conntrack-tools-ad17836eb03998236be259af2312c4a11b3e45f0.zip |
conntrack: support SYN_SENT2 TCP state as --state parameter
Since Linux kernel 2.6.31, the LISTEN state is SYN_SENT2. With this
patch, we allow to use -p tcp --state SYN_SENT2 which was not possible
so far.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | extensions/libct_proto_tcp.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index cb573d0..0b43bf5 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -82,7 +82,8 @@ static const char *tcp_states[TCP_CONNTRACK_MAX] = { [TCP_CONNTRACK_LAST_ACK] = "LAST_ACK", [TCP_CONNTRACK_TIME_WAIT] = "TIME_WAIT", [TCP_CONNTRACK_CLOSE] = "CLOSE", - [TCP_CONNTRACK_LISTEN] = "LISTEN" + /* Since Linux kernel 2.6.31, LISTEN is SYN_SENT2. */ + [TCP_CONNTRACK_SYN_SENT2] = "SYN_SENT2" }; static void help(void) @@ -151,7 +152,11 @@ static int parse_options(char c, break; } } - if (i == TCP_CONNTRACK_MAX) + /* For backward compatibility with Linux kernel < 2.6.31. */ + if (strcmp(optarg, "LISTEN") == 0) { + nfct_set_attr_u8(ct, ATTR_TCP_STATE, + TCP_CONNTRACK_LISTEN); + } else if (i == TCP_CONNTRACK_MAX) exit_error(PARAMETER_PROBLEM, "unknown TCP state `%s'", optarg); *flags |= CT_TCP_STATE; |