diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-29 16:01:41 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-29 16:01:41 +0200 |
| commit | b0a327b7a8fda0ebe936839235394de03b520f5e (patch) | |
| tree | 2570176d0e5bbfc1c1443d0ef38f77900a702424 | |
| parent | f52bcb906ba05f67a0a54dfeb9abff0ba6a02c89 (diff) | |
| download | conntrack-tools-b0a327b7a8fda0ebe936839235394de03b520f5e.tar.gz conntrack-tools-b0a327b7a8fda0ebe936839235394de03b520f5e.zip | |
filter: skip protocol state filtering if state not present
Skip user-space the protocol state filter if the protocol state is not
present in the event message.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/filter.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/filter.c b/src/filter.c index 6e4d64a..eaf0a93 100644 --- a/src/filter.c +++ b/src/filter.c @@ -192,6 +192,9 @@ static int __ct_filter_test_state(struct ct_filter *f, struct nf_conntrack *ct) switch(protonum) { case IPPROTO_TCP: + if (!nfct_attr_is_set(ct, ATTR_TCP_STATE)) + return -1; + val = nfct_get_attr_u8(ct, ATTR_TCP_STATE); break; default: |