From ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 23 Dec 2009 19:37:36 +0100
Subject: conntrackd: fix flow-state filtering for TCP

This patch fixes the clause `State' in `Filter' that allows
you to filter by protocol state. This bug was introduced during
the implementation of the TCP-based synchronization.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/read_config_yy.y | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 157e945..6dfca98 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -936,6 +936,9 @@ state_proto: T_STRING
 };
 state: tcp_state;
 
+tcp_states:
+	  | tcp_states tcp_state;
+
 tcp_state: T_SYN_SENT
 {
 	ct_filter_add_state(STATE(us_filter),
@@ -1397,7 +1400,7 @@ filter_item : T_STATE T_IGNORE '{' filter_state_list '}'
 filter_state_list :
 		  | filter_state_list filter_state_item;
 
-filter_state_item : states T_FOR state_proto ;
+filter_state_item : tcp_states T_FOR T_TCP;
 
 stats: T_STATS '{' stats_list '}'
 {
-- 
cgit v1.2.3