From 9d57b20ca51ee4de21b938bc20f9e3345aa9b02b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 21 Jun 2009 00:31:14 +0200
Subject: conntrackd: fix wrong TCP handling in unused nl_update_conntrack()

This patch fixes an incorrect use of nfct_get_attr_u32() instead of nfct_get_attr_u8() to obtain the current TCP state. This patch also sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT. The function nl_update_conntrack() is currently unused so this fix does not resolve any pending issue.

Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/netlink.c')
diff --git a/src/netlink.c b/src/netlink.c
index cca6f3a..5c07201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -257,7 +257,7 @@ int nl_update_conntrack(struct nfct_handle *h,
 IP_CT_TCP_FLAG_SACK_PERM;
 /* FIXME: workaround, we should send TCP flags in updates */
- if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+ if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >=
 TCP_CONNTRACK_TIME_WAIT) {
 flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
 }
--
cgit v1.2.3
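Review bot: The new `>= TCP_CONNTRACK_TIME_WAIT` test is open-ended, so every state value numerically above TIME_WAIT also gets `IP_CT_TCP_FLAG_CLOSE_INIT`, not just the closing states. If the state enum in use has entries after CLOSE (libnetfilter_conntrack's appears to continue with a LISTEN/SYN_SENT2 value and MAX/IGNORE sentinels, which is worth confirming against the header), a replicated entry in one of those states would be injected with a close flag it never had. Naming the intended states makes the check independent of enum order: `uint8_t state = nfct_get_attr_u8(ct, ATTR_TCP_STATE);` followed by `if (state == TCP_CONNTRACK_TIME_WAIT || state == TCP_CONNTRACK_CLOSE) {`. If the range comparison is kept, a comment such as `/* relies on TIME_WAIT and CLOSE being the last real states in the enum */` would record the assumption. The body of nl_update_conntrack() starts and ends outside this hunk, so whether ATTR_TCP_STATE is known to be set before this read cannot be checked from here.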