Commit 1a4ac987 authored May 14, 2012 by Pablo Neira Ayuso

netfilter: nf_ct_tcp: extend log message for invalid ignored packets



Extend log message if packets are ignored to include the TCP state, ie.
replace:

[ 3968.070196] nf_ct_tcp: invalid packet ignored IN= OUT= SRC=...

by:

[ 3968.070196] nf_ct_tcp: invalid packet ignored in state ESTABLISHED IN= OUT= SRC=...

This information is useful to know in what state we were while ignoring the
packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

parent c44f5faa

net/netfilter/nf_conntrack_proto_tcp.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -952,7 +952,8 @@ static int tcp_packet(struct nf_conn *ct,
		spin_unlock_bh(&ct->lock);
		if (LOG_INVALID(net, IPPROTO_TCP))
		nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
		"nf_ct_tcp: invalid packet ignored ");
		"nf_ct_tcp: invalid packet ignored in "
		"state %s ", tcp_conntrack_names[old_state]);
		return NF_ACCEPT;
		case TCP_CONNTRACK_MAX:
		/* Invalid packet */