libxt_conntrack: fix state match alias state parsing
The conntrack match uses a different value for the UNTRACKED state than
the state match. Translate states to conntrack states to make sure they
all match.
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index f7704eb..9f7b5db 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1037,15 +1037,15 @@
state_parse_state(const char *state, size_t len)
{
if (strncasecmp(state, "INVALID", len) == 0)
- return XT_STATE_INVALID;
+ return XT_CONNTRACK_STATE_INVALID;
else if (strncasecmp(state, "NEW", len) == 0)
- return XT_STATE_BIT(IP_CT_NEW);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_NEW);
else if (strncasecmp(state, "ESTABLISHED", len) == 0)
- return XT_STATE_BIT(IP_CT_ESTABLISHED);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
else if (strncasecmp(state, "RELATED", len) == 0)
- return XT_STATE_BIT(IP_CT_RELATED);
+ return XT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
else if (strncasecmp(state, "UNTRACKED", len) == 0)
- return XT_STATE_UNTRACKED;
+ return XT_CONNTRACK_STATE_UNTRACKED;
return 0;
}
@@ -1115,23 +1115,23 @@
{
const char *sep = "";
- if (statemask & XT_STATE_INVALID) {
+ if (statemask & XT_CONNTRACK_STATE_INVALID) {
printf("%sINVALID", sep);
sep = ",";
}
- if (statemask & XT_STATE_BIT(IP_CT_NEW)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_NEW)) {
printf("%sNEW", sep);
sep = ",";
}
- if (statemask & XT_STATE_BIT(IP_CT_RELATED)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_RELATED)) {
printf("%sRELATED", sep);
sep = ",";
}
- if (statemask & XT_STATE_BIT(IP_CT_ESTABLISHED)) {
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED)) {
printf("%sESTABLISHED", sep);
sep = ",";
}
- if (statemask & XT_STATE_UNTRACKED) {
+ if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
printf("%sUNTRACKED", sep);
sep = ",";
}
