netfilter: nf_ct_tcp: extend log message for invalid ignored packets

Extend log message if packets are ignored to include the TCP state, ie. replace: [ 3968.070196] nf_ct_tcp: invalid packet ignored IN= OUT= SRC=... by: [ 3968.070196] nf_ct_tcp: invalid packet ignored in state ESTABLISHED IN= OUT= SRC=... This information is useful to know in what state we were while ignoring the packet. Signed-off-by: Pablo Neira Ayuso <[email protected]> Acked-by: Jozsef Kadlecsik <[email protected]>
jadonk · May 16, 2012 · 1a4ac98 · 1a4ac98
1 parent c44f5fa
commit 1a4ac98
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -952,7 +952,8 @@ static int tcp_packet(struct nf_conn *ct,
 		spin_unlock_bh(&ct->lock);
 		if (LOG_INVALID(net, IPPROTO_TCP))
 			nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
-				  "nf_ct_tcp: invalid packet ignored ");
+				  "nf_ct_tcp: invalid packet ignored in "
+				  "state %s ", tcp_conntrack_names[old_state]);
 		return NF_ACCEPT;
 	case TCP_CONNTRACK_MAX:
 		/* Invalid packet */