aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-05-14 04:55:03 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2012-05-16 18:56:38 -0400
commit1a4ac9870fb82eed56623d0f69ec59aa5bef85fe (patch)
tree9baaef014734b30c4cc349188e0ad08626b1c6b1 /net
parentc44f5faa8e8c2036da2ba656f79b57a737543aff (diff)
netfilter: nf_ct_tcp: extend log message for invalid ignored packets
Extend log message if packets are ignored to include the TCP state, ie. replace: [ 3968.070196] nf_ct_tcp: invalid packet ignored IN= OUT= SRC=... by: [ 3968.070196] nf_ct_tcp: invalid packet ignored in state ESTABLISHED IN= OUT= SRC=... This information is useful to know in what state we were while ignoring the packet. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 4dfbfa840f8a..21ff1a99f534 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -952,7 +952,8 @@ static int tcp_packet(struct nf_conn *ct,
952 spin_unlock_bh(&ct->lock); 952 spin_unlock_bh(&ct->lock);
953 if (LOG_INVALID(net, IPPROTO_TCP)) 953 if (LOG_INVALID(net, IPPROTO_TCP))
954 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 954 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
955 "nf_ct_tcp: invalid packet ignored "); 955 "nf_ct_tcp: invalid packet ignored in "
956 "state %s ", tcp_conntrack_names[old_state]);
956 return NF_ACCEPT; 957 return NF_ACCEPT;
957 case TCP_CONNTRACK_MAX: 958 case TCP_CONNTRACK_MAX:
958 /* Invalid packet */ 959 /* Invalid packet */