diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-05-20 17:53:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-05-20 17:53:08 +0200 |
| commit | ff7d53ece9e73e0bda937ad8716482c8cc881fb3 (patch) | |
| tree | 5e3316d4ce5886991181f323ea64b75e0ea1454f | |
| parent | 3dedd39ac8c3f4c9b3503e6a9b602fdf0341c7ed (diff) | |
fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flags
| -rw-r--r-- | src/conntrack/api.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 45b03c0..b1347dc 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -767,10 +767,15 @@ void nfct_copy(struct nf_conntrack *ct1, } static int cp_orig_mask[] = { - ATTR_ORIG_IPV6_SRC, /* this also copies IPv4 */ + ATTR_ORIG_IPV4_SRC, + ATTR_ORIG_IPV4_DST, + ATTR_ORIG_IPV6_SRC, ATTR_ORIG_IPV6_DST, - ATTR_ORIG_PORT_SRC, /* this also copies ICMP */ + ATTR_ORIG_PORT_SRC, ATTR_ORIG_PORT_DST, + ATTR_ICMP_TYPE, + ATTR_ICMP_CODE, + ATTR_ICMP_ID, ATTR_ORIG_L3PROTO, ATTR_ORIG_L4PROTO, }; @@ -778,17 +783,19 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_ORIG) { for (i=0; i<__CP_ORIG_MAX; i++) { - if (test_bit(i, ct2->set)) { + if (test_bit(cp_orig_mask[i], ct2->set)) { copy_attr_array[cp_orig_mask[i]](ct1, ct2); - set_bit(i, ct1->set); + set_bit(cp_orig_mask[i], ct1->set); } } } static int cp_repl_mask[] = { - ATTR_REPL_IPV6_SRC, /* this also copies IPv4 */ + ATTR_REPL_IPV4_SRC, + ATTR_REPL_IPV4_DST, + ATTR_REPL_IPV6_SRC, ATTR_REPL_IPV6_DST, - ATTR_REPL_PORT_SRC, /* this also copies ICMP */ + ATTR_REPL_PORT_SRC, ATTR_REPL_PORT_DST, ATTR_REPL_L3PROTO, ATTR_REPL_L4PROTO, @@ -797,9 +804,9 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_REPL) { for (i=0; i<__CP_REPL_MAX; i++) { - if (test_bit(i, ct2->set)) { + if (test_bit(cp_repl_mask[i], ct2->set)) { copy_attr_array[cp_repl_mask[i]](ct1, ct2); - set_bit(i, ct1->set); + set_bit(cp_repl_mask[i], ct1->set); } } } |