From 4dc734c73cc4a0ff87c0ce3673544628b58c7e24 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Tue, 7 Oct 2003 18:55:13 +0000 Subject: add support for the raw table to userspace --- extensions/libipt_conntrack.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'extensions/libipt_conntrack.c') diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c index ccb78ea1..63b38e98 100644 --- a/extensions/libipt_conntrack.c +++ b/extensions/libipt_conntrack.c @@ -13,13 +13,17 @@ #include #include +#ifndef IPT_CONNTRACK_STATE_UNTRACKED +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) +#endif + /* Function which prints out usage message. */ static void help(void) { printf( "conntrack match v%s options:\n" -" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n" +" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n" " State(s) to match\n" " [!] --ctproto proto Protocol to match; by number or name, eg. `tcp'\n" " --ctorigsrc [!] address[/mask]\n" @@ -70,6 +74,8 @@ parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo) sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED); else if (strncasecmp(state, "RELATED", strlen) == 0) sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED); + else if (strncasecmp(state, "UNTRACKED", strlen) == 0) + sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED; else if (strncasecmp(state, "SNAT", strlen) == 0) sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT; else if (strncasecmp(state, "DNAT", strlen) == 0) @@ -349,6 +355,10 @@ print_state(unsigned int statemask) printf("%sESTABLISHED", sep); sep = ","; } + if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) { + printf("%sUNTRACKED", sep); + sep = ","; + } if (statemask & IPT_CONNTRACK_STATE_SNAT) { printf("%sSNAT", sep); sep = ","; -- cgit v1.2.3