diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-14 04:55:03 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-16 18:56:38 -0400 |
commit | 1a4ac9870fb82eed56623d0f69ec59aa5bef85fe (patch) | |
tree | 9baaef014734b30c4cc349188e0ad08626b1c6b1 /net | |
parent | c44f5faa8e8c2036da2ba656f79b57a737543aff (diff) |
netfilter: nf_ct_tcp: extend log message for invalid ignored packets
Extend log message if packets are ignored to include the TCP state, ie.
replace:
[ 3968.070196] nf_ct_tcp: invalid packet ignored IN= OUT= SRC=...
by:
[ 3968.070196] nf_ct_tcp: invalid packet ignored in state ESTABLISHED IN= OUT= SRC=...
This information is useful to know in what state we were while ignoring the
packet.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 4dfbfa840f8a..21ff1a99f534 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -952,7 +952,8 @@ static int tcp_packet(struct nf_conn *ct, | |||
952 | spin_unlock_bh(&ct->lock); | 952 | spin_unlock_bh(&ct->lock); |
953 | if (LOG_INVALID(net, IPPROTO_TCP)) | 953 | if (LOG_INVALID(net, IPPROTO_TCP)) |
954 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, | 954 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, |
955 | "nf_ct_tcp: invalid packet ignored "); | 955 | "nf_ct_tcp: invalid packet ignored in " |
956 | "state %s ", tcp_conntrack_names[old_state]); | ||
956 | return NF_ACCEPT; | 957 | return NF_ACCEPT; |
957 | case TCP_CONNTRACK_MAX: | 958 | case TCP_CONNTRACK_MAX: |
958 | /* Invalid packet */ | 959 | /* Invalid packet */ |