Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
extensions/libxt_conntrack.c | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 128bbd2..4154464 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1156,6 +1156,43 @@ static void state_save(const void *ip, const struct xt_entry_match *match)
state_print_state(sinfo->statemask);
}
+static void state_xlate_print(struct xt_buf *buf, unsigned int statemask)
+{
+ const char *sep = "";
+
+ if (statemask & XT_CONNTRACK_STATE_INVALID) {
+ xt_buf_add(buf, "%s%s", sep, "invalid");
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_NEW)) {
+ xt_buf_add(buf, "%s%s", sep, "new");
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_RELATED)) {
+ xt_buf_add(buf, "%s%s", sep, "related");
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED)) {
+ xt_buf_add(buf, "%s%s", sep, "established");
+ sep = ",";
+ }
+ if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
+ xt_buf_add(buf, "%s%s", sep, "untracked");
+ sep = ",";
+ }
+}
+
+static int state_xlate(const struct xt_entry_match *match, struct xt_buf *buf)
+{
+ const struct xt_conntrack_mtinfo3 *sinfo = (const void *)match->data;
+
+ xt_buf_add(buf, "ct state %s", sinfo->invert_flags & XT_CONNTRACK_STATE ?
+ "!= " : "");
+ state_xlate_print(buf, sinfo->state_mask);
+ xt_buf_add(buf, " ");
+ return 1;
+}
+
static struct xtables_match conntrack_mt_reg[] = {
{
.version = XTABLES_VERSION,
@@ -1306,6 +1343,7 @@ static struct xtables_match conntrack_mt_reg[] = {
.save = state_save,
.x6_parse = state_ct23_parse,
.x6_options = state_opts,
+ .xlate = state_xlate,
},
{
.family = NFPROTO_UNSPEC,
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
