diff options
Diffstat (limited to 'extensions/libipt_state.c')
-rw-r--r-- | extensions/libipt_state.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c index ac3c0ba3..3662d949 100644 --- a/extensions/libipt_state.c +++ b/extensions/libipt_state.c @@ -8,13 +8,17 @@ #include <linux/netfilter_ipv4/ip_conntrack.h> #include <linux/netfilter_ipv4/ipt_state.h> +#ifndef IPT_STATE_UNTRACKED +#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) +#endif + /* Function which prints out usage message. */ static void help(void) { printf( "state v%s options:\n" -" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n" +" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n" " State(s) to match\n" "\n", IPTABLES_VERSION); } @@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo) sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED); else if (strncasecmp(state, "RELATED", strlen) == 0) sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED); + else if (strncasecmp(state, "UNTRACKED", strlen) == 0) + sinfo->statemask |= IPT_STATE_UNTRACKED; else return 0; return 1; @@ -117,6 +123,10 @@ static void print_state(unsigned int statemask) printf("%sESTABLISHED", sep); sep = ","; } + if (statemask & IPT_STATE_UNTRACKED) { + printf("%sUNTRACKED", sep); + sep = ","; + } printf(" "); } |