From: Patrick McHardy
Date: Fri, 26 Apr 2013 12:45:15 +0000 (+0200)
Subject: libxt_conntrack: fix state match alias state parsing
X-Git-Tag: v1.4.19.1~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5c12f4aa3ebfc4dac37799e41616c37c188ab4f;p=thirdparty%2Fiptables.git

libxt_conntrack: fix state match alias state parsing

The conntrack match uses a different value for the UNTRACKED state than the state match. Translate states to conntrack states to make sure they all match.

Signed-off-by: Patrick McHardy
---

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index f7704eba..9f7b5db2 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1037,15 +1037,15 @@ static unsigned int
 state_parse_state(const char *state, size_t len)
 {
 if (strncasecmp(state, "INVALID", len) == 0)
- return XT_STATE_INVALID;
+ return XT_CONNTRACK_STATE_INVALID;
 else if (strncasecmp(state, "NEW", len) == 0)
- return XT_STATE_BIT(IP_CT_NEW);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_NEW);
 else if (strncasecmp(state, "ESTABLISHED", len) == 0)
- return XT_STATE_BIT(IP_CT_ESTABLISHED);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
 else if (strncasecmp(state, "RELATED", len) == 0)
- return XT_STATE_BIT(IP_CT_RELATED);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
 else if (strncasecmp(state, "UNTRACKED", len) == 0)
- return XT_STATE_UNTRACKED;
+ return XT_CONNTRACK_STATE_UNTRACKED;
 return 0;
 }
 
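Review bot: state_parse_state() compares only the first `len` characters, so with `len == 0` the first test, `strncasecmp(state, "INVALID", len) == 0`, is true and an empty token parses as INVALID; any one-letter abbreviation is accepted as well. The caller is outside this hunk and may already reject empty tokens, but the helper should not depend on that: add `if (len == 0) return 0;` as its first statement. If abbreviations are not meant to be accepted, each branch should also compare `len` with the keyword length, so that a truncated state name in a firewall rule is rejected rather than silently expanded.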
@@ -1115,23 +1115,23 @@ static void state_print_state(unsigned int statemask)
 {
 const char *sep = "";
- if (statemask & XT_STATE_INVALID) {
+ if (statemask & XT_CONNTRACK_STATE_INVALID) {
 printf("%sINVALID", sep);
 sep = ",";
 }
- if (statemask & XT_STATE_BIT(IP_CT_NEW)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_NEW)) {
 printf("%sNEW", sep);
 sep = ",";
 }
- if (statemask & XT_STATE_BIT(IP_CT_RELATED)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_RELATED)) {
 printf("%sRELATED", sep);
 sep = ",";
 }
- if (statemask & XT_STATE_BIT(IP_CT_ESTABLISHED)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED)) {
 printf("%sESTABLISHED", sep);
 sep = ",";
 }
- if (statemask & XT_STATE_UNTRACKED) {
+ if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
 printf("%sUNTRACKED", sep);
 sep = ",";
 }
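Review bot: Nothing on state_print_state() records which encoding `statemask` carries, and both the state-match and conntrack-match masks are plain `unsigned int`, so the compiler cannot catch the mix-up this commit fixes if it is reintroduced. A comment above the function would document the contract, for example `/* statemask uses the XT_CONNTRACK_STATE_* encoding, not XT_STATE_*; UNTRACKED differs between the two */`. The same comment belongs on state_parse_state() in the first hunk, which now returns values in that encoding. The end of the function is outside this hunk.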