author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2007-02-27 20:30:46 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2007-02-27 20:30:46 +0000 |
commit | a232b3f2db15462f4dd8213c1bc34964c5957e7b (patch) | |
tree | 50e87eb60693b1bbd5eb55cec8e84c4b0d1373c3 /src/conntrack | |
parent | 0e610525d877a67c2dd59118aa90e01fb83ce99e (diff) |
- fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes.
- nfct_get_objopt with the NAT detectors now first checks whether the status attribute is set; if it is not set, the status check is skipped.
Diffstat (limited to 'src/conntrack')
-rw-r--r-- | src/conntrack/objopt.c | 14 | ||||
-rw-r--r-- | src/conntrack/setter.c | 2 |
2 files changed, 10 insertions, 6 deletions
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index b495f55..ff73a71 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -46,22 +46,26 @@ int __getobjopt(const struct nf_conntrack *ct, unsigned int option)
 switch(option) {
 case NFCT_GOPT_IS_SNAT:
- ret = (ct->status & IPS_SRC_NAT_DONE &&
- ct->tuple[__DIR_REPL].dst.v4 !=
+ ret = (test_bit(ATTR_STATUS, ct->set) ?
+ ct->status & IPS_SRC_NAT_DONE : 1 &&
+ ct->tuple[__DIR_REPL].dst.v4 !=
 ct->tuple[__DIR_ORIG].src.v4);
 break;
 case NFCT_GOPT_IS_DNAT:
- ret = (ct->status & IPS_DST_NAT_DONE &&
+ ret = (test_bit(ATTR_STATUS, ct->set) ?
+ ct->status & IPS_DST_NAT_DONE : 1 &&
 ct->tuple[__DIR_REPL].src.v4 !=
 ct->tuple[__DIR_ORIG].dst.v4);
 break;
 case NFCT_GOPT_IS_SPAT:
- ret = (ct->status & IPS_SRC_NAT_DONE &&
+ ret = (test_bit(ATTR_STATUS, ct->set) ?
+ ct->status & IPS_SRC_NAT_DONE : 1 &&
 ct->tuple[__DIR_REPL].l4dst.tcp.port !=
 ct->tuple[__DIR_ORIG].l4src.tcp.port);
 break;
 case NFCT_GOPT_IS_DPAT:
- ret = (ct->status & IPS_DST_NAT_DONE &&
+ ret = (test_bit(ATTR_STATUS, ct->set) ?
+ ct->status & IPS_DST_NAT_DONE : 1 &&
 ct->tuple[__DIR_REPL].l4src.tcp.port !=
 ct->tuple[__DIR_ORIG].l4dst.tcp.port);
 break;
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 7bc77b5..84b1d25 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -139,7 +139,7 @@ static void set_attr_mark(struct nf_conntrack *ct, const void *value)
 static void set_attr_status(struct nf_conntrack *ct, const void *value)
 {
- ct->status |= *((u_int32_t *) value);
+ ct->status = *((u_int32_t *) value);
 }
 set_attr set_attr_array[] = { |
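Review bot: In src/conntrack/objopt.c the new NFCT_GOPT_IS_SNAT expression does not group the way the commit message describes, because `?:` binds more loosely than `&&`, so it parses as `test_bit(...) ? (ct->status & IPS_SRC_NAT_DONE) : (1 && <tuple comparison>)`. When ATTR_STATUS is set the address comparison is never evaluated and ret holds the raw masked bit rather than 0 or 1; the tuple comparison is used only when the attribute is unset. The DNAT, SPAT and DPAT cases have the same shape, so any caller that filters or audits flows by NAT type gets an answer driven by the status bit alone. Parenthesise the conditional in each case, e.g. `ret = ((test_bit(ATTR_STATUS, ct->set) ? ct->status & IPS_SRC_NAT_DONE : 1) &&` followed by the unchanged comparison. __getobjopt starts and ends outside the hunk.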
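Review bot: In src/conntrack/setter.c, set_attr_status now overwrites the whole status word, so a caller that used to add one flag per nfct_set_attr call silently loses every bit it set earlier, and nothing in the function says so. A comment such as `/* replaces all status bits; to add a flag, OR it into the current ATTR_STATUS value first */` would make the new contract visible to callers. The cast also drops the const qualifier of `value`; `ct->status = *((const u_int32_t *) value);` keeps it.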