From a13351816d27350930e35ac6284fa4498f80d5e7 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter
 Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
 </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>
Date: Thu, 3 Nov 2005 20:47:17 +0000
Subject: See ChangeLog

---
 extensions/libct_proto_tcp.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'extensions/libct_proto_tcp.c')

diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 7c1e605..36ef6fc 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -139,6 +139,7 @@ int parse_options(char c, char *argv[],
 }
 
 int final_check(unsigned int flags,
+		unsigned int command,
 		struct nfct_tuple *orig,
 		struct nfct_tuple *reply)
 {
@@ -159,10 +160,11 @@ int final_check(unsigned int flags,
 	    && ((flags & (REPL_SPORT|REPL_DPORT))))
 		ret = 1;
 
-	if (ret && (flags & STATE))
-		return 1;
+	/* --state is missing and we are trying to create a conntrack */
+	if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+		ret = 0;
 
-	return 0;
+	return ret;
 }
 
 static struct ctproto_handler tcp = {
-- 
cgit v1.2.3