diff options
Diffstat (limited to 'extensions/libxt_conntrack.c')
-rw-r--r-- | extensions/libxt_conntrack.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 7734509c..64018ce1 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -1148,10 +1148,13 @@ static void state_save(const void *ip, const struct xt_entry_match *match) state_print_state(sinfo->statemask); } -static void state_xlate_print(struct xt_xlate *xl, unsigned int statemask) +static void state_xlate_print(struct xt_xlate *xl, unsigned int statemask, int inverted) { const char *sep = ""; + if (inverted) + xt_xlate_add(xl, "! "); + if (statemask & XT_CONNTRACK_STATE_INVALID) { xt_xlate_add(xl, "%s%s", sep, "invalid"); sep = ","; @@ -1180,17 +1183,20 @@ static int state_xlate(struct xt_xlate *xl, const struct xt_conntrack_mtinfo3 *sinfo = (const void *)params->match->data; - xt_xlate_add(xl, "ct state %s", sinfo->invert_flags & XT_CONNTRACK_STATE ? - "!= " : ""); - state_xlate_print(xl, sinfo->state_mask); + xt_xlate_add(xl, "ct state "); + state_xlate_print(xl, sinfo->state_mask, + sinfo->invert_flags & XT_CONNTRACK_STATE); xt_xlate_add(xl, " "); return 1; } -static void status_xlate_print(struct xt_xlate *xl, unsigned int statusmask) +static void status_xlate_print(struct xt_xlate *xl, unsigned int statusmask, int inverted) { const char *sep = ""; + if (inverted) + xt_xlate_add(xl, "! "); + if (statusmask & IPS_EXPECTED) { xt_xlate_add(xl, "%s%s", sep, "expected"); sep = ","; @@ -1256,19 +1262,17 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl, sinfo->state_mask & XT_CONNTRACK_STATE_SNAT ? "snat" : "dnat"); space = " "; } else { - xt_xlate_add(xl, "%sct state %s", space, - sinfo->invert_flags & XT_CONNTRACK_STATE ? - "!= " : ""); - state_xlate_print(xl, sinfo->state_mask); + xt_xlate_add(xl, "%sct state ", space); + state_xlate_print(xl, sinfo->state_mask, + sinfo->invert_flags & XT_CONNTRACK_STATE); space = " "; } } if (sinfo->match_flags & XT_CONNTRACK_STATUS) { - xt_xlate_add(xl, "%sct status %s", space, - sinfo->invert_flags & XT_CONNTRACK_STATUS ? - "!= " : ""); - status_xlate_print(xl, sinfo->status_mask); + xt_xlate_add(xl, "%sct status ", space); + status_xlate_print(xl, sinfo->status_mask, + sinfo->invert_flags & XT_CONNTRACK_STATUS); space = " "; } |