-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | extensions/libct_proto_sctp.c | 10 | ||||
-rw-r--r-- | extensions/libct_proto_tcp.c | 10 | ||||
-rw-r--r-- | include/conntrack.h | 2 |
4 files changed, 20 insertions, 5 deletions
@@ -3,6 +3,9 @@ o moves conntrack tool from bin to sbin directory since this application is an administration utility and it requires uid==0 or CAP_NET_ADMIN +<pablo@eurodev.net> + o check if --state missing when -p is passed + o Bumped version to 0.96 2005-11-01 <pablo@eurodev.net> diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c index 2b1a337..5e96391 100644 --- a/extensions/libct_proto_sctp.c +++ b/extensions/libct_proto_sctp.c @@ -108,6 +108,7 @@ int parse_options(char c, char *argv[], printf("doh?\n"); return 0; } + *flags |= STATE; } break; } @@ -118,19 +119,24 @@ int final_check(unsigned int flags, struct nfct_tuple *orig, struct nfct_tuple *reply) { + int ret = 0; + if ((flags & (ORIG_SPORT|ORIG_DPORT)) && !(flags & (REPL_SPORT|REPL_DPORT))) { reply->l4src.sctp.port = orig->l4dst.sctp.port; reply->l4dst.sctp.port = orig->l4src.sctp.port; - return 1; + ret = 1; } else if (!(flags & (ORIG_SPORT|ORIG_DPORT)) && (flags & (REPL_SPORT|REPL_DPORT))) { orig->l4src.sctp.port = reply->l4dst.sctp.port; orig->l4dst.sctp.port = reply->l4src.sctp.port; - return 1; + ret = 1; } if ((flags & (ORIG_SPORT|ORIG_DPORT)) && ((flags & (REPL_SPORT|REPL_DPORT)))) + ret = 1; + + if (ret & (flags & STATE)) return 1; return 0; diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 4aa6587..7c1e605 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -131,6 +131,7 @@ int parse_options(char c, char *argv[], printf("doh?\n"); return 0; } + *flags |= STATE; } break; } 
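Review bot: In final_check of extensions/libct_proto_sctp.c the new test is written `if (ret & (flags & STATE))`, a bitwise AND between `ret` (0 or 1) and the masked flag, whereas the TCP copy of the same check uses `&&`. Unless STATE happens to be bit 0, `1 & (flags & STATE)` is always 0, so the SCTP check would reject every command line even when --state was given. STATE is defined outside this diff, so its value should be confirmed. The line should read `if (ret && (flags & STATE))`. The function's closing brace lies outside the hunk.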
@@ -141,19 +142,24 @@ int final_check(unsigned int flags, struct nfct_tuple *orig, struct nfct_tuple *reply) { + int ret = 0; + if ((flags & (ORIG_SPORT|ORIG_DPORT)) && !(flags & (REPL_SPORT|REPL_DPORT))) { reply->l4src.tcp.port = orig->l4dst.tcp.port; reply->l4dst.tcp.port = orig->l4src.tcp.port; - return 1; + ret = 1; } else if (!(flags & (ORIG_SPORT|ORIG_DPORT)) && (flags & (REPL_SPORT|REPL_DPORT))) { orig->l4src.tcp.port = reply->l4dst.tcp.port; orig->l4dst.tcp.port = reply->l4src.tcp.port; - return 1; + ret = 1; } if ((flags & (ORIG_SPORT|ORIG_DPORT)) && ((flags & (REPL_SPORT|REPL_DPORT)))) + ret = 1; + + if (ret && (flags & STATE)) return 1; return 0; diff --git a/include/conntrack.h b/include/conntrack.h index 58a9170..efe4417 100644 --- a/include/conntrack.h +++ b/include/conntrack.h @@ -6,7 +6,7 @@ #include <libnetfilter_conntrack/libnetfilter_conntrack.h> #define PROGNAME "conntrack" -#define CONNTRACK_VERSION "0.95" +#define CONNTRACK_VERSION "0.96" /* FIXME: These should be independent from kernel space */ #define IPS_ASSURED (1 << 2) |
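Review bot: In final_check of extensions/libct_proto_tcp.c the closing `if (ret && (flags & STATE))` makes a missing --state return the same 0 as missing port options, and nothing in the function says that --state is now mandatory. A comment above that test, e.g. `/* the tuple is only accepted if --state was parsed as well */`, would document the new contract; the SCTP copy needs the same comment. The mirror branches have already written the derived ports into `orig`/`reply` by the time the function returns 0, so callers should not rely on the tuples after a failed check; the callers are not visible here. Whether every operation that passes -p tcp really needs a state cannot be judged from this hunk.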