From ad17836eb03998236be259af2312c4a11b3e45f0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 22 Feb 2011 15:49:14 +0100
Subject: conntrack: support SYN_SENT2 TCP state as --state parameter

Since Linux kernel 2.6.31, the LISTEN state is SYN_SENT2. With this
patch, we allow to use -p tcp --state SYN_SENT2 which was not possible
so far.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libct_proto_tcp.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index cb573d0..0b43bf5 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -82,7 +82,8 @@ static const char *tcp_states[TCP_CONNTRACK_MAX] = {
 	[TCP_CONNTRACK_LAST_ACK]	= "LAST_ACK",
 	[TCP_CONNTRACK_TIME_WAIT]	= "TIME_WAIT",
 	[TCP_CONNTRACK_CLOSE]		= "CLOSE",
-	[TCP_CONNTRACK_LISTEN]		= "LISTEN"
+	/* Since Linux kernel 2.6.31, LISTEN is SYN_SENT2. */
+	[TCP_CONNTRACK_SYN_SENT2]	= "SYN_SENT2"
 };
 
 static void help(void)
@@ -151,7 +152,11 @@ static int parse_options(char c,
 				break;
 			}
 		}
-		if (i == TCP_CONNTRACK_MAX)
+		/* For backward compatibility with Linux kernel < 2.6.31. */
+		if (strcmp(optarg, "LISTEN") == 0) {
+			nfct_set_attr_u8(ct, ATTR_TCP_STATE,
+					 TCP_CONNTRACK_LISTEN);
+		} else if (i == TCP_CONNTRACK_MAX)
 			exit_error(PARAMETER_PROBLEM,
 				   "unknown TCP state `%s'", optarg);
 		*flags |= CT_TCP_STATE;
-- 
cgit v1.2.3