From b5c12f4aa3ebfc4dac37799e41616c37c188ab4f Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Fri, 26 Apr 2013 14:45:15 +0200
Subject: libxt_conntrack: fix state match alias state parsing

The conntrack match uses a different value for the UNTRACKED state than
the state match. Translate states to conntrack states to make sure they
all match.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 extensions/libxt_conntrack.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index f7704eba..9f7b5db2 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1037,15 +1037,15 @@ static unsigned int
 state_parse_state(const char *state, size_t len)
 {
 	if (strncasecmp(state, "INVALID", len) == 0)
-		return XT_STATE_INVALID;
+		return XT_CONNTRACK_STATE_INVALID;
 	else if (strncasecmp(state, "NEW", len) == 0)
-		return XT_STATE_BIT(IP_CT_NEW);
+		return XT_CONNTRACK_STATE_BIT(IP_CT_NEW);
 	else if (strncasecmp(state, "ESTABLISHED", len) == 0)
-		return XT_STATE_BIT(IP_CT_ESTABLISHED);
+		return XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
 	else if (strncasecmp(state, "RELATED", len) == 0)
-		return XT_STATE_BIT(IP_CT_RELATED);
+		return XT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
 	else if (strncasecmp(state, "UNTRACKED", len) == 0)
-		return XT_STATE_UNTRACKED;
+		return XT_CONNTRACK_STATE_UNTRACKED;
 	return 0;
 }
 
@@ -1115,23 +1115,23 @@ static void state_print_state(unsigned int statemask)
 {
 	const char *sep = "";
 
-	if (statemask & XT_STATE_INVALID) {
+	if (statemask & XT_CONNTRACK_STATE_INVALID) {
 		printf("%sINVALID", sep);
 		sep = ",";
 	}
-	if (statemask & XT_STATE_BIT(IP_CT_NEW)) {
+	if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_NEW)) {
 		printf("%sNEW", sep);
 		sep = ",";
 	}
-	if (statemask & XT_STATE_BIT(IP_CT_RELATED)) {
+	if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_RELATED)) {
 		printf("%sRELATED", sep);
 		sep = ",";
 	}
-	if (statemask & XT_STATE_BIT(IP_CT_ESTABLISHED)) {
+	if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED)) {
 		printf("%sESTABLISHED", sep);
 		sep = ",";
 	}
-	if (statemask & XT_STATE_UNTRACKED) {
+	if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
 		printf("%sUNTRACKED", sep);
 		sep = ",";
 	}
-- 
cgit v1.2.3