diff options
| author | Asbjørn Sloth Tønnesen <ast@fiberby.dk> | 2016-01-25 11:15:45 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-01 00:06:39 +0100 |
| commit | 00c5da5752e2146c67ed2a5bc3ff5b072fe18735 (patch) | |
| tree | 3501b6eff18d2a8797688c8cc661c0d52a63bd92 | |
| parent | d1a5fa49ef5cc735046202e85edf05988acfb18b (diff) | |
conntrack: consolidate filtering
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.dk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/conntrack.c | 57 |
1 files changed, 20 insertions, 37 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index b5a0a13..cb9545b 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1208,6 +1208,21 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct) return 0; } +static int +nfct_filter(struct nf_conntrack *obj, struct nf_conntrack *ct) +{ + if (filter_nat(obj, ct) || + filter_mark(ct) || + filter_label(ct)) + return 1; + + if (options & CT_COMPARISON && + !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + return 1; + + return 0; +} + static int counter; static int dump_xml_header_done = 1; @@ -1248,17 +1263,7 @@ static int event_cb(enum nf_conntrack_msg_type type, unsigned int op_type = NFCT_O_DEFAULT; unsigned int op_flags = 0; - if (filter_nat(obj, ct)) - return NFCT_CB_CONTINUE; - - if (filter_mark(ct)) - return NFCT_CB_CONTINUE; - - if (filter_label(ct)) - return NFCT_CB_CONTINUE; - - if (options & CT_COMPARISON && - !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + if (nfct_filter(obj, ct)) return NFCT_CB_CONTINUE; if (output_mask & _O_XML) { @@ -1303,17 +1308,7 @@ static int dump_cb(enum nf_conntrack_msg_type type, unsigned int op_type = NFCT_O_DEFAULT; unsigned int op_flags = 0; - if (filter_nat(obj, ct)) - return NFCT_CB_CONTINUE; - - if (filter_mark(ct)) - return NFCT_CB_CONTINUE; - - if (filter_label(ct)) - return NFCT_CB_CONTINUE; - - if (options & CT_COMPARISON && - !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + if (nfct_filter(obj, ct)) return NFCT_CB_CONTINUE; if (output_mask & _O_XML) { @@ -1349,17 +1344,7 @@ static int delete_cb(enum nf_conntrack_msg_type type, unsigned int op_type = NFCT_O_DEFAULT; unsigned int op_flags = 0; - if (filter_nat(obj, ct)) - return NFCT_CB_CONTINUE; - - if (filter_mark(ct)) - return NFCT_CB_CONTINUE; - - if (filter_label(ct)) - return NFCT_CB_CONTINUE; - - if (options & CT_COMPARISON && - !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) + if (nfct_filter(obj, ct)) return NFCT_CB_CONTINUE; res = nfct_query(ith, NFCT_Q_DESTROY, ct); @@ -1498,7 +1483,8 @@ static int update_cb(enum nf_conntrack_msg_type type, int res; struct nf_conntrack *obj = data, *tmp; - if (filter_nat(obj, ct)) + if (filter_nat(obj, ct) || + filter_label(ct)) return NFCT_CB_CONTINUE; if (nfct_attr_is_set(obj, ATTR_ID) && nfct_attr_is_set(ct, ATTR_ID) && @@ -1510,9 +1496,6 @@ static int update_cb(enum nf_conntrack_msg_type type, if (options & CT_OPT_TUPLE_REPL && !nfct_cmp(obj, ct, NFCT_CMP_REPL)) return NFCT_CB_CONTINUE; - if (filter_label(ct)) - return NFCT_CB_CONTINUE; - tmp = nfct_new(); if (tmp == NULL) exit_error(OTHER_PROBLEM, "out of memory"); |