- fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes.

- nfct_get_objopt with NAT detectors previously checks if the status attribute is set, otherwise it just skips it.

1 files changed, 9 insertions, 5 deletions

diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index b495f55..ff73a71 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -46,22 +46,26 @@ int __getobjopt(const struct nf_conntrack *ct, unsigned int option)
 
 	switch(option) {
 	case NFCT_GOPT_IS_SNAT:
-		ret = (ct->status & IPS_SRC_NAT_DONE &&
-		       ct->tuple[__DIR_REPL].dst.v4 !=
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_SRC_NAT_DONE : 1 &&
+		       ct->tuple[__DIR_REPL].dst.v4 != 
 		       ct->tuple[__DIR_ORIG].src.v4);
 		break;
 	case NFCT_GOPT_IS_DNAT:
-		ret = (ct->status & IPS_DST_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_DST_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].src.v4 !=
 		       ct->tuple[__DIR_ORIG].dst.v4);
 		break;
 	case NFCT_GOPT_IS_SPAT:
-		ret = (ct->status & IPS_SRC_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_SRC_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].l4dst.tcp.port !=
 		       ct->tuple[__DIR_ORIG].l4src.tcp.port);
 		break;
 	case NFCT_GOPT_IS_DPAT:
-		ret = (ct->status & IPS_DST_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_DST_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].l4src.tcp.port !=
 		       ct->tuple[__DIR_ORIG].l4dst.tcp.port);
 		break;