diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-10 01:23:50 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-06-10 01:23:50 +0200 |
commit | 2db01c27b4b234b6da8efa3af3177447dfd36387 (patch) | |
tree | 9f7402b3f92a5f2d5c6a295b0049dab5623a913e /utils | |
parent | 8bb593c025100cc03a9b3e03f636dc999f891a1c (diff) |
tcp: add support for SYN_SENT2 state
This patch adds support for the new SYN_SENT2 state that Jozsef
has introduced to support TCP simultaneous open in 2.6.31. We can
safely include support for this feature now since the LISTEN state
was not ever really used.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'utils')
-rw-r--r-- | utils/conntrack_create.c | 2 | ||||
-rw-r--r-- | utils/conntrack_create_nat.c | 2 | ||||
-rw-r--r-- | utils/conntrack_grp_create.c | 2 | ||||
-rw-r--r-- | utils/conntrack_master.c | 4 | ||||
-rw-r--r-- | utils/expect_create.c | 2 |
5 files changed, 6 insertions, 6 deletions
diff --git a/utils/conntrack_create.c b/utils/conntrack_create.c index 56a30ff..e304fef 100644 --- a/utils/conntrack_create.c +++ b/utils/conntrack_create.c @@ -27,7 +27,7 @@ int main() nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp"); diff --git a/utils/conntrack_create_nat.c b/utils/conntrack_create_nat.c index 327d1d2..3cc65df 100644 --- a/utils/conntrack_create_nat.c +++ b/utils/conntrack_create_nat.c @@ -27,7 +27,7 @@ int main() nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); nfct_set_attr_u32(ct, ATTR_SNAT_IPV4, inet_addr("8.8.8.8")); diff --git a/utils/conntrack_grp_create.c b/utils/conntrack_grp_create.c index 3b62d6d..b77d155 100644 --- a/utils/conntrack_grp_create.c +++ b/utils/conntrack_grp_create.c @@ -32,7 +32,7 @@ int main() nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp"); diff --git a/utils/conntrack_master.c b/utils/conntrack_master.c index 1cd7490..d1552a4 100644 --- a/utils/conntrack_master.c +++ b/utils/conntrack_master.c @@ -28,7 +28,7 @@ int main() nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); h = nfct_open(CONNTRACK, 0); @@ -66,7 +66,7 @@ int main() nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); /* my conntrack master is ... */ diff --git a/utils/expect_create.c b/utils/expect_create.c index 330ef66..f05df6b 100644 --- a/utils/expect_create.c +++ b/utils/expect_create.c @@ -37,7 +37,7 @@ int main() nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(master, ATTR_TIMEOUT, 200); h = nfct_open(CONNTRACK, 0); |