summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_state.c
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/libipt_state.c')
-rw-r--r--extensions/libipt_state.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index ac3c0ba3..3662d949 100644
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -8,13 +8,17 @@
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ipt_state.h>
+#ifndef IPT_STATE_UNTRACKED
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
+
/* Function which prints out usage message. */
static void
help(void)
{
printf(
"state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
" State(s) to match\n"
"\n", IPTABLES_VERSION);
}
@@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
else if (strncasecmp(state, "RELATED", strlen) == 0)
sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+ sinfo->statemask |= IPT_STATE_UNTRACKED;
else
return 0;
return 1;
@@ -117,6 +123,10 @@ static void print_state(unsigned int statemask)
printf("%sESTABLISHED", sep);
sep = ",";
}
+ if (statemask & IPT_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
printf(" ");
}