From 10d50dac91b61247f9cdfe687191e1bc959e2d5f Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Sat, 15 Dec 2007 17:00:53 +0000 Subject: - add missing getter for TCP flags/mask - add TCP flags/mask attributes if they are set, otherwise skip --- src/conntrack/build.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'src/conntrack/build.c') diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 4ebc207..169f289 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -97,12 +97,18 @@ void __build_protoinfo(struct nfnlhdr *req, nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, &ct->protoinfo.tcp.state, sizeof(u_int8_t)); - nfnl_addattr_l(&req->nlh, size, - CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, - &ct->protoinfo.tcp.flags[0], sizeof(u_int16_t)); - nfnl_addattr_l(&req->nlh, size, - CTA_PROTOINFO_TCP_FLAGS_REPLY, - &ct->protoinfo.tcp.flags[1], sizeof(u_int16_t)); + if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && + test_bit(ATTR_TCP_MASK_ORIG, ct->set)) + nfnl_addattr_l(&req->nlh, size, + CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, + &ct->protoinfo.tcp.flags[0], + sizeof(u_int16_t)); + if (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) && + test_bit(ATTR_TCP_MASK_REPL, ct->set)) + nfnl_addattr_l(&req->nlh, size, + CTA_PROTOINFO_TCP_FLAGS_REPLY, + &ct->protoinfo.tcp.flags[1], + sizeof(u_int16_t)); nfnl_nest_end(&req->nlh, nest_proto); nfnl_nest_end(&req->nlh, nest); break; 
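Review bot: The `CTA_PROTOINFO_TCP_STATE` attribute in the unchanged lines at the top of this hunk is still added unconditionally, but the second hunk of this commit now calls `__build_protoinfo()` when only the flags/mask bits are set. In that case the message carries whatever `ct->protoinfo.tcp.state` happens to hold, presumably zero when `ATTR_TCP_STATE` was never set, and a receiver that applies the attribute could overwrite the tracked TCP state; this is worth confirming against the kernel side. Guard it the same way as the flags, with `if (test_bit(ATTR_TCP_STATE, ct->set))` in front of the `nfnl_addattr_l(... CTA_PROTOINFO_TCP_STATE ...)` call. Separately, the flags length would be safer as `sizeof(ct->protoinfo.tcp.flags[0])` than `sizeof(u_int16_t)`, since the element type is not visible here. The body of `__build_protoinfo` starts and ends outside the hunk.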
@@ -276,7 +282,11 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, if (test_bit(ATTR_MARK, ct->set)) __build_mark(req, size, ct); - if (test_bit(ATTR_TCP_STATE, ct->set)) + if (test_bit(ATTR_TCP_STATE, ct->set) || + (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && + test_bit(ATTR_TCP_MASK_ORIG, ct->set)) || + (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) && + test_but(ATTR_TCP_MASK_REPL, ct->set))) __build_protoinfo(req, size, ct); if (test_bit(ATTR_SNAT_IPV4, ct->set) && -- cgit v1.2.3
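Review bot: `test_but(ATTR_TCP_MASK_REPL, ct->set)` in the last added line of the condition is a typo for `test_bit`. Nothing on the page defines `test_but`, so this will at best compile as an implicit declaration and then fail at link time. The line should read `test_bit(ATTR_TCP_MASK_REPL, ct->set)))`. Building with `-Werror=implicit-function-declaration` would catch this class of slip before it lands. The body of `__build_conntrack` starts and ends outside the hunk.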