diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-23 01:23:41 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-23 01:27:29 +0100 |
commit | 1e70249a665aa611b3547233952f8f9bb51369f8 (patch) | |
tree | b136340a7f03ed87314ded2113363a302a44ea25 | |
parent | 451dafe6f5e1add75793597ba9bd0e3fddf2d7f9 (diff) | |
download | conntrack-tools-1e70249a665aa611b3547233952f8f9bb51369f8.tar.gz conntrack-tools-1e70249a665aa611b3547233952f8f9bb51369f8.zip |
conntrack: fix setting fixed-timeout status flag
% conntrack -U -u FIXED_TIMEOUT
conntrack v1.0.1 (conntrack-tools): Operation failed: Device or resource busy
With this patch, you can make indeed make it:
% conntrack -U -u FIXED_TIMEOUT
[...]
conntrack v1.0.1 (conntrack-tools): 8 flow entries have been updated.
This patch also adds the corresponding simple QA tests.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | qa/testsuite/06update | 8 | ||||
-rw-r--r-- | src/conntrack.c | 11 |
2 files changed, 19 insertions, 0 deletions
diff --git a/qa/testsuite/06update b/qa/testsuite/06update new file mode 100644 index 0000000..0408303 --- /dev/null +++ b/qa/testsuite/06update @@ -0,0 +1,8 @@ +# create dummy flow +-I -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 --state SYN_RECV -u SEEN_REPLY,ASSURED -t 50 ; OK +# find it again using mark +-L -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 ; OK +# set fixed timeout +-U -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20 -u FIXED_TIMEOUT; OK +# delete it +-D -s 1.1.1.1 -d 2.2.2.2 -p tcp --sport 10 --dport 20; OK diff --git a/src/conntrack.c b/src/conntrack.c index 5d6d067..31beba5 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1245,6 +1245,16 @@ static void copy_mark(struct nf_conntrack *tmp, } } +static void copy_status(struct nf_conntrack *tmp, const struct nf_conntrack *ct) +{ + if (options & CT_OPT_STATUS) { + /* copy existing flags, we only allow setting them. */ + uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS); + status |= nfct_get_attr_u32(tmp, ATTR_STATUS); + nfct_set_attr_u32(tmp, ATTR_STATUS, status); + } +} + static int update_cb(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) @@ -1271,6 +1281,7 @@ static int update_cb(enum nf_conntrack_msg_type type, nfct_copy(tmp, ct, NFCT_CP_ORIG); nfct_copy(tmp, obj, NFCT_CP_META); copy_mark(tmp, ct, &tmpl.mark); + copy_status(tmp, ct); /* do not send NFCT_Q_UPDATE if ct appears unchanged */ if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) { |