summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2017-04-01 20:31:32 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-04-08 23:52:15 +0200
commit97aae0df1de4d7dd80905fb067e28b032a132995 (patch)
tree4f2cd924d078bd98a45535f33634874a444c21ec
parent2638fd0f92d4397884fd991d8f4925cb3f081901 (diff)
downloadlinux-97aae0df1de4d7dd80905fb067e28b032a132995.tar.bz2
netfilter: ctnetlink: using bit to represent the ct event
Otherwise, creating a new conntrack via nfnetlink: # conntrack -I -p udp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20 will emit the wrong ct events(where UPDATE should be NEW): # conntrack -E [UPDATE] udp 17 10 src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0 Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_conntrack_netlink.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 908d858034e4..59ee27deb9a0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1929,9 +1929,9 @@ static int ctnetlink_new_conntrack(struct net *net, struct sock *ctnl,
err = 0;
if (test_bit(IPS_EXPECTED_BIT, &ct->status))
- events = IPCT_RELATED;
+ events = 1 << IPCT_RELATED;
else
- events = IPCT_NEW;
+ events = 1 << IPCT_NEW;
if (cda[CTA_LABELS] &&
ctnetlink_attach_labels(ct, cda) == 0)