Commit 97aae0df authored by Liping Zhang, committed by Pablo Neira Ayuso

netfilter: ctnetlink: using bit to represent the ct event

Otherwise, creating a new conntrack via nfnetlink:
  # conntrack -I -p udp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20

will emit the wrong ct events (where UPDATE should be NEW):
  # conntrack -E
  [UPDATE] udp      17 10 src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20
  [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 2638fd0f
...@@ -1929,9 +1929,9 @@ static int ctnetlink_new_conntrack(struct net *net, struct sock *ctnl, ...@@ -1929,9 +1929,9 @@ static int ctnetlink_new_conntrack(struct net *net, struct sock *ctnl,
err = 0; err = 0;
if (test_bit(IPS_EXPECTED_BIT, &ct->status)) if (test_bit(IPS_EXPECTED_BIT, &ct->status))
events = IPCT_RELATED; events = 1 << IPCT_RELATED;
else else
events = IPCT_NEW; events = 1 << IPCT_NEW;
if (cda[CTA_LABELS] && if (cda[CTA_LABELS] &&
ctnetlink_attach_labels(ct, cda) == 0) ctnetlink_attach_labels(ct, cda) == 0)
......
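Review bot: The two changed assignments in ctnetlink_new_conntrack() open-code the mask as `1 << IPCT_RELATED` and `1 << IPCT_NEW`; writing them as `BIT(IPCT_RELATED)` and `BIT(IPCT_NEW)` would make it explicit that the IPCT_* values are bit positions rather than ready-made flags, which is the confusion this patch corrects. The hunk ends before `events` is consumed, so the commit message should also name the call that expects a bitmask and carry a Fixes: tag for the commit that introduced the plain assignment. That lets backporters and anyone auditing other IPCT_* users find the affected range.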