author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-21 00:31:14 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-21 00:31:14 +0200 |
commit | 9d57b20ca51ee4de21b938bc20f9e3345aa9b02b (patch) | |
tree | 8f0e7b013123d9f2ab3c479ff0b10c6e29644692 /src | |
parent | bcb91373d0641c1999d48526411fd857d2baee28 (diff) | |
download | conntrack-tools-9d57b20ca51ee4de21b938bc20f9e3345aa9b02b.tar.gz conntrack-tools-9d57b20ca51ee4de21b938bc20f9e3345aa9b02b.zip |
conntrackd: fix wrong TCP handling in unused nl_update_conntrack()
This patch fixes an incorrect use of nfct_get_attr_u32() instead of
nfct_get_attr_u8() to obtain the current TCP state. This patch also
sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT.
The function nl_update_conntrack() is currently unused so this fix
does not resolve any pending issue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c index cca6f3a..5c07201 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -257,7 +257,7 @@ int nl_update_conntrack(struct nfct_handle *h, IP_CT_TCP_FLAG_SACK_PERM; /* FIXME: workaround, we should send TCP flags in updates */ - if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) == + if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >= TCP_CONNTRACK_TIME_WAIT) { flags |= IP_CT_TCP_FLAG_CLOSE_INIT; } |
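Review bot: The `>=` in the changed condition `nfct_get_attr_u8(ct, ATTR_TCP_STATE) >= TCP_CONNTRACK_TIME_WAIT` depends on the numeric ordering of the TCP_CONNTRACK_* constants, which is not visible in this hunk, so every state that sorts after TIME_WAIT now gets IP_CT_TCP_FLAG_CLOSE_INIT. A short comment naming the states that are meant to match, or an explicit comparison against each of them, would keep the check correct if those values are ever reordered or extended. The existing FIXME only says that TCP flags should be sent in updates and does not document the range check. The single changed line also bundles the u32-to-u8 accessor fix with the behaviour change from `==` to `>=`; splitting them into two commits would make each easier to review and bisect.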