summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libct_proto_icmp.c1
-rw-r--r--extensions/libct_proto_sctp.c8
-rw-r--r--extensions/libct_proto_tcp.c8
-rw-r--r--extensions/libct_proto_udp.c1
4 files changed, 12 insertions, 6 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index d9c5cb3..6fe1e16 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -87,6 +87,7 @@ int parse(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 5e96391..6c85f56 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -116,6 +116,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
@@ -136,10 +137,11 @@ int final_check(unsigned int flags,
&& ((flags & (REPL_SPORT|REPL_DPORT))))
ret = 1;
- if (ret & (flags & STATE))
- return 1;
+ /* --state is missing and we are trying to create a conntrack */
+ if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ ret = 0;
- return 0;
+ return ret;
}
static struct ctproto_handler sctp = {
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 7c1e605..36ef6fc 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -139,6 +139,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{
@@ -159,10 +160,11 @@ int final_check(unsigned int flags,
&& ((flags & (REPL_SPORT|REPL_DPORT))))
ret = 1;
- if (ret && (flags & STATE))
- return 1;
+ /* --state is missing and we are trying to create a conntrack */
+ if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ ret = 0;
- return 0;
+ return ret;
}
static struct ctproto_handler tcp = {
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index b33ba7d..2c812c6 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -103,6 +103,7 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
+ unsigned int command,
struct nfct_tuple *orig,
struct nfct_tuple *reply)
{