conntrackd: fix wrong TCP handling in unused nl_update_conntrack()

This patch fixes an incorrect use of nfct_get_attr_u32() instead of nfct_get_attr_u8() to obtain the current TCP state. This patch also sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT. The function nl_update_conntrack() is currently unused so this fix does not resolve any pending issue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2009-06-21 00:31:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2009-06-21 00:31:14 +0200
commit: 9d57b20ca51ee4de21b938bc20f9e3345aa9b02b (patch)
tree: 8f0e7b013123d9f2ab3c479ff0b10c6e29644692
parent: bcb91373d0641c1999d48526411fd857d2baee28 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c
index cca6f3a..5c07201 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -257,7 +257,7 @@ int nl_update_conntrack(struct nfct_handle *h,
 				IP_CT_TCP_FLAG_SACK_PERM;
 
 		/* FIXME: workaround, we should send TCP flags in updates */
-		if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+		if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) >=
 						TCP_CONNTRACK_TIME_WAIT) {
 			flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
 		}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2009-06-21 00:31:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2009-06-21 00:31:14 +0200
commit	9d57b20ca51ee4de21b938bc20f9e3345aa9b02b (patch)
tree	8f0e7b013123d9f2ab3c479ff0b10c6e29644692
parent	bcb91373d0641c1999d48526411fd857d2baee28 (diff)