netfilter: nf_ct_tcp: extend log message for invalid ignored packets
author Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 14 May 2012 08:55:03 +0000 (10:55 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 16 May 2012 22:56:38 +0000 (00:56 +0200)
Extend log message if packets are ignored to include the TCP state, i.e.
replace:

[ 3968.070196] nf_ct_tcp: invalid packet ignored IN= OUT= SRC=...

by:

[ 3968.070196] nf_ct_tcp: invalid packet ignored in state ESTABLISHED IN= OUT= SRC=...

This information is useful to know in what state we were while ignoring the
packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
net/netfilter/nf_conntrack_proto_tcp.c

index 4dfbfa840f8a57668bea85ec1d7717ca79a0cb64..21ff1a99f5341c1fe475c10a0170a1b62fc9a5f5 100644 (file)
@@ -952,7 +952,8 @@ static int tcp_packet(struct nf_conn *ct,
                spin_unlock_bh(&ct->lock);
                if (LOG_INVALID(net, IPPROTO_TCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
-                                 "nf_ct_tcp: invalid packet ignored ");
+                                 "nf_ct_tcp: invalid packet ignored in "
+                                 "state %s ", tcp_conntrack_names[old_state]);
                return NF_ACCEPT;
        case TCP_CONNTRACK_MAX:
                /* Invalid packet */
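
Review bot: The new prefix in the two added lines is split across source lines ("... ignored in " / "state %s "), so a grep of the tree for the message as it appears in the log ("invalid packet ignored in state") will not find this call site; consider keeping the user-visible string on one line even if it runs past 80 columns. Separately, `tcp_conntrack_names[old_state]` is indexed without a bound visible in this hunk, so it is worth confirming that `old_state` is always below `TCP_CONNTRACK_MAX` on this path and that the table has a name for every such value. The prefix text also changes for anyone matching the old literal "nf_ct_tcp: invalid packet ignored IN=" in log parsers or alerting rules, which deserves a line in the commit message.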