diff options
| author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-11-03 20:47:17 +0000 |
|---|---|---|
| committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-11-03 20:47:17 +0000 |
| commit | a13351816d27350930e35ac6284fa4498f80d5e7 (patch) | |
| tree | 0c241f631300da2619257862a4c18160f5e58b7d /extensions | |
| parent | ba2a63e1b8e18e0d1f383af50d3d40c2eb785d3e (diff) | |
| download | conntrack-tools-a13351816d27350930e35ac6284fa4498f80d5e7.tar.gz conntrack-tools-a13351816d27350930e35ac6284fa4498f80d5e7.zip | |
See ChangeLog
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libct_proto_icmp.c | 1 | ||||
| -rw-r--r-- | extensions/libct_proto_sctp.c | 8 | ||||
| -rw-r--r-- | extensions/libct_proto_tcp.c | 8 | ||||
| -rw-r--r-- | extensions/libct_proto_udp.c | 1 |
4 files changed, 12 insertions, 6 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index d9c5cb3..6fe1e16 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c @@ -87,6 +87,7 @@ int parse(char c, char *argv[], } int final_check(unsigned int flags, + unsigned int command, struct nfct_tuple *orig, struct nfct_tuple *reply) { diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c index 5e96391..6c85f56 100644 --- a/extensions/libct_proto_sctp.c +++ b/extensions/libct_proto_sctp.c @@ -116,6 +116,7 @@ int parse_options(char c, char *argv[], } int final_check(unsigned int flags, + unsigned int command, struct nfct_tuple *orig, struct nfct_tuple *reply) { @@ -136,10 +137,11 @@ int final_check(unsigned int flags, && ((flags & (REPL_SPORT|REPL_DPORT)))) ret = 1; - if (ret & (flags & STATE)) - return 1; + /* --state is missing and we are trying to create a conntrack */ + if (ret && (command & CT_CREATE) && (!(flags & STATE))) + ret = 0; - return 0; + return ret; } static struct ctproto_handler sctp = { diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 7c1e605..36ef6fc 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -139,6 +139,7 @@ int parse_options(char c, char *argv[], } int final_check(unsigned int flags, + unsigned int command, struct nfct_tuple *orig, struct nfct_tuple *reply) { @@ -159,10 +160,11 @@ int final_check(unsigned int flags, && ((flags & (REPL_SPORT|REPL_DPORT)))) ret = 1; - if (ret && (flags & STATE)) - return 1; + /* --state is missing and we are trying to create a conntrack */ + if (ret && (command & CT_CREATE) && (!(flags & STATE))) + ret = 0; - return 0; + return ret; } static struct ctproto_handler tcp = { diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c index b33ba7d..2c812c6 100644 --- a/extensions/libct_proto_udp.c +++ b/extensions/libct_proto_udp.c @@ -103,6 +103,7 @@ int parse_options(char c, char *argv[], } int final_check(unsigned int flags, + unsigned int command, struct nfct_tuple *orig, struct nfct_tuple *reply) { |