summaryrefslogtreecommitdiffstats
path: root/src/conntrack.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-01-23 01:23:41 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-01-23 01:27:29 +0100
commit1e70249a665aa611b3547233952f8f9bb51369f8 (patch)
treeb136340a7f03ed87314ded2113363a302a44ea25 /src/conntrack.c
parent451dafe6f5e1add75793597ba9bd0e3fddf2d7f9 (diff)
conntrack: fix setting fixed-timeout status flag
% conntrack -U -u FIXED_TIMEOUT conntrack v1.0.1 (conntrack-tools): Operation failed: Device or resource busy With this patch, you can make indeed make it: % conntrack -U -u FIXED_TIMEOUT [...] conntrack v1.0.1 (conntrack-tools): 8 flow entries have been updated. This patch also adds the corresponding simple QA tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack.c')
-rw-r--r--src/conntrack.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 5d6d067..31beba5 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1245,6 +1245,16 @@ static void copy_mark(struct nf_conntrack *tmp,
}
}
+static void copy_status(struct nf_conntrack *tmp, const struct nf_conntrack *ct)
+{
+ if (options & CT_OPT_STATUS) {
+ /* copy existing flags, we only allow setting them. */
+ uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
+ status |= nfct_get_attr_u32(tmp, ATTR_STATUS);
+ nfct_set_attr_u32(tmp, ATTR_STATUS, status);
+ }
+}
+
static int update_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
void *data)
@@ -1271,6 +1281,7 @@ static int update_cb(enum nf_conntrack_msg_type type,
nfct_copy(tmp, ct, NFCT_CP_ORIG);
nfct_copy(tmp, obj, NFCT_CP_META);
copy_mark(tmp, ct, &tmpl.mark);
+ copy_status(tmp, ct);
/* do not send NFCT_Q_UPDATE if ct appears unchanged */
if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) {