summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2011-02-22 15:49:14 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-22 15:49:14 +0100
commitad17836eb03998236be259af2312c4a11b3e45f0 (patch)
tree183cbf56c655d35fa096df12e0bf8185bb0835e6
parent88fd3dc90716e9d252cedcd668371743730acdcb (diff)
downloadconntrack-tools-ad17836eb03998236be259af2312c4a11b3e45f0.tar.gz
conntrack-tools-ad17836eb03998236be259af2312c4a11b3e45f0.zip
conntrack: support SYN_SENT2 TCP state as --state parameter
Since Linux kernel 2.6.31, the LISTEN state is SYN_SENT2. With this patch, we allow to use -p tcp --state SYN_SENT2 which was not possible so far. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--extensions/libct_proto_tcp.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index cb573d0..0b43bf5 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -82,7 +82,8 @@ static const char *tcp_states[TCP_CONNTRACK_MAX] = {
[TCP_CONNTRACK_LAST_ACK] = "LAST_ACK",
[TCP_CONNTRACK_TIME_WAIT] = "TIME_WAIT",
[TCP_CONNTRACK_CLOSE] = "CLOSE",
- [TCP_CONNTRACK_LISTEN] = "LISTEN"
+ /* Since Linux kernel 2.6.31, LISTEN is SYN_SENT2. */
+ [TCP_CONNTRACK_SYN_SENT2] = "SYN_SENT2"
};
static void help(void)
@@ -151,7 +152,11 @@ static int parse_options(char c,
break;
}
}
- if (i == TCP_CONNTRACK_MAX)
+ /* For backward compatibility with Linux kernel < 2.6.31. */
+ if (strcmp(optarg, "LISTEN") == 0) {
+ nfct_set_attr_u8(ct, ATTR_TCP_STATE,
+ TCP_CONNTRACK_LISTEN);
+ } else if (i == TCP_CONNTRACK_MAX)
exit_error(PARAMETER_PROBLEM,
"unknown TCP state `%s'", optarg);
*flags |= CT_TCP_STATE;