summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-11-03 20:47:17 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-11-03 20:47:17 +0000
commita13351816d27350930e35ac6284fa4498f80d5e7 (patch)
tree0c241f631300da2619257862a4c18160f5e58b7d /extensions
parentba2a63e1b8e18e0d1f383af50d3d40c2eb785d3e (diff)
See ChangeLog
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libct_proto_icmp.c1
-rw-r--r--extensions/libct_proto_sctp.c8
-rw-r--r--extensions/libct_proto_tcp.c8
-rw-r--r--extensions/libct_proto_udp.c1
4 files changed, 12 insertions, 6 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index d9c5cb3..6fe1e16 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -87,6 +87,7 @@ int parse(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 5e96391..6c85f56 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -116,6 +116,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
@@ -136,10 +137,11 @@ int final_check(unsigned int flags,
&& ((flags & (REPL_SPORT|REPL_DPORT))))
ret = 1;
- if (ret & (flags & STATE))
- return 1;
+ /* --state is missing and we are trying to create a conntrack */
+ if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ ret = 0;
- return 0;
+ return ret;
}
static struct ctproto_handler sctp = {
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 7c1e605..36ef6fc 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -139,6 +139,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
@@ -159,10 +160,11 @@ int final_check(unsigned int flags,
&& ((flags & (REPL_SPORT|REPL_DPORT))))
ret = 1;
- if (ret && (flags & STATE))
- return 1;
+ /* --state is missing and we are trying to create a conntrack */
+ if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ ret = 0;
- return 0;
+ return ret;
}
static struct ctproto_handler tcp = {
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index b33ba7d..2c812c6 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -103,6 +103,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{