summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-06-21 00:31:14 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-06-21 00:31:14 +0200
commit9d57b20ca51ee4de21b938bc20f9e3345aa9b02b (patch)
tree8f0e7b013123d9f2ab3c479ff0b10c6e29644692 /src
parentbcb91373d0641c1999d48526411fd857d2baee28 (diff)
downloadconntrack-tools-9d57b20ca51ee4de21b938bc20f9e3345aa9b02b.tar.gz
conntrack-tools-9d57b20ca51ee4de21b938bc20f9e3345aa9b02b.zip
conntrackd: fix wrong TCP handling in unused nl_update_conntrack()
This patch fixes an incorrect use of nfct_get_attr_u32() instead of nfct_get_attr_u8() to obtain the current TCP state. This patch also sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT. The function nl_update_conntrack() is currently unused so this fix does not resolve any pending issue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/netlink.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c
index cca6f3a..5c07201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -257,7 +257,7 @@ int nl_update_conntrack(struct nfct_handle *h,
IP_CT_TCP_FLAG_SACK_PERM;
/* FIXME: workaround, we should send TCP flags in updates */
- if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+ if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >=
TCP_CONNTRACK_TIME_WAIT) {
flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
}