Hi, Pablo
On Tue, Feb 28, 2017 at 11:47:25AM +0100, Pablo Neira Ayuso wrote:
> > diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
> > index fb43d6c..1581480 100644
> > --- a/src/conntrack/objopt.c
> > +++ b/src/conntrack/objopt.c
> > @@ -144,10 +144,8 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
> >
> > static int getobjopt_is_snat(const struct nf_conntrack *ct)
> > {
> > - if (!(test_bit(ATTR_STATUS, ct->head.set)))
> > - return 0;
> > -
> > - if (!(ct->status & IPS_SRC_NAT_DONE))
> > + if (test_bit(ATTR_STATUS, ct->head.set) &&
> > + !(ct->status & IPS_SRC_NAT_DONE))
>
> However, if ATTR_STATUS is not set, we keep checking ahead. What are
> you trying to fix?
It was:
- return ((test_bit(ATTR_STATUS, ct->head.set) ?
- ct->status & IPS_SRC_NAT_DONE : 1) &&
- ct->repl.dst.v4 !=
- ct->head.orig.src.v4);
I thought it keeps checking even ATTR_STATUS is not set.
But it's ok not to apply, returning false in case of
ATTR_STATUS is not set.
Thanks,
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
