summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2003-08-25 11:08:52 +0000
committerHarald Welte <laforge@gnumonks.org>2003-08-25 11:08:52 +0000
commita643c3eccb6a985e720c807f5a4c86347fc9b899 (patch)
tree769368393f9e384d6ac4dd551cfef6a7db3b3411
parentc8d8a2f4e376eb4b012a11a88e266ff291d87e90 (diff)
add support for matching the IPS_CONFIRMED bit (Harald Welte)
-rw-r--r--extensions/libipt_conntrack.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 3f322d01..ccb78ea1 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -30,7 +30,7 @@ help(void)
" Reply source specification\n"
" --ctrepldst [!] address[/mask]\n"
" Reply destination specification\n"
-" [!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]\n"
+" [!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED|CONFIRMED][,...]\n"
" Status(es) to match\n"
" [!] --ctexpire time[:time] Match remaining lifetime in seconds against\n"
" value or range of values (inclusive)\n"
@@ -105,6 +105,10 @@ parse_status(const char *status, size_t strlen, struct ipt_conntrack_info *sinfo
sinfo->statusmask |= IPS_SEEN_REPLY;
else if (strncasecmp(status, "ASSURED", strlen) == 0)
sinfo->statusmask |= IPS_ASSURED;
+#ifdef IPS_CONFIRMED
+ else if (strncasecmp(status, "CONFIRMED", strlen) == 0)
+ sinfo->stausmask |= IPS_CONFIRMED;
+#endif
else
return 0;
return 1;
@@ -373,6 +377,12 @@ print_status(unsigned int statusmask)
printf("%sASSURED", sep);
sep = ",";
}
+#ifdef IPS_CONFIRMED
+ if (statusmask & IPS_CONFIRMED) {
+ printf("%sCONFIRMED", sep);
+ sep =",";
+ }
+#endif
if (statusmask == 0) {
printf("%sNONE", sep);
sep = ",";