author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-11 20:04:44 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-11 20:04:44 +0100 |
commit | 785b627d0aa06a96d500d32f20c2d6f590b7a55b (patch) | |
tree | 3ca8b911c9c0aecc69d17dcf3dee22b2556b4056 | |
parent | cda212571533762c525df18fdcf361a93a1a2c31 (diff) | |
netlink: conditional build of TCP flags/mask for updates
This patch includes the TCP flag/mask attributes in update messages
only if this is a TCP connection.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/netlink.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 2fabd8d..8ba4fb7 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -228,7 +228,6 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 {
 int ret;
- uint8_t flags;
 struct nf_conntrack *ct;
 ct = nfct_clone(orig);
@@ -267,11 +266,14 @@ int nl_update_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 /*
 * TCP flags to overpass window tracking for recovered connections
 */
- flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
- nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+ if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) {
+ uint8_t flags = IP_CT_TCP_FLAG_BE_LIBERAL |
+ IP_CT_TCP_FLAG_SACK_PERM;
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+ }
 ret = nfct_query(h, NFCT_Q_UPDATE, ct);
 nfct_destroy(ct); |
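Review bot: The new guard `if (nfct_attr_is_set(ct, ATTR_TCP_STATE))` in the second hunk treats the presence of the TCP state attribute as proof that the entry is TCP, which is narrower than the commit message's "if this is a TCP connection". If a TCP entry can reach nl_update_conntrack() without ATTR_TCP_STATE set (not visible from this hunk), the update would go out without the BE_LIBERAL/SACK_PERM flags and the recovered flow would fall back to strict window tracking with no indication why. Consider testing the protocol directly, e.g. `if (nfct_get_attr_u8(ct, ATTR_L4PROTO) == IPPROTO_TCP) {`. Alternatively, keep the guard and extend the existing comment to say that ATTR_TCP_STATE is used as the TCP indicator and that BE_LIBERAL deliberately relaxes window validation for recovered TCP flows only. The body of nl_update_conntrack() starts and ends outside the hunk.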