diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-12-23 19:37:36 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-12-23 19:40:49 +0100 |
| commit | ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8 (patch) | |
| tree | 909bf1f0c8eca93ee86e9fcd36cc7346fe9b9fa1 /src/read_config_yy.y | |
| parent | 65645763ebe870fa01b5c1a5dbe810feb9397ff2 (diff) | |
| download | conntrack-tools-ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8.tar.gz conntrack-tools-ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8.zip | |
conntrackd: fix flow-state filtering for TCP
This patch fixes the clause `State' in `Filter' that allows
you to filter by protocol state. This bug was introduced during
the implementation of the TCP-based synchronization.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/read_config_yy.y')
| -rw-r--r-- | src/read_config_yy.y | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 157e945..6dfca98 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -936,6 +936,9 @@ state_proto: T_STRING }; state: tcp_state; +tcp_states: + | tcp_states tcp_state; + tcp_state: T_SYN_SENT { ct_filter_add_state(STATE(us_filter), @@ -1397,7 +1400,7 @@ filter_item : T_STATE T_IGNORE '{' filter_state_list '}' filter_state_list : | filter_state_list filter_state_item; -filter_state_item : states T_FOR state_proto ; +filter_state_item : tcp_states T_FOR T_TCP; stats: T_STATS '{' stats_list '}' { |