From 817f847b52bb05c924491deb994194fd5c1c3ba2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 21 Jul 2009 16:58:43 +0200
Subject: conntrackd: use conntrack ID in the cache lookup This patch adds the conntrack ID to the comparison that is made in the lookup of entries that are stored in the cache. For old kernels, this field is set to zero for all entries so this patch does not make any difference. For recent kernels, this allows to keep two entries with the same tuple and different IDs: this is possible if NetlinkEventsReliable is set on. Moreover, this patch is useful to test the reliable ctnetlink event delivery in 2.6.31 works fine.
Signed-off-by: Pablo Neira Ayuso
---
 src/cache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/cache.c b/src/cache.c
index f95bef6..ccdce86 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -90,7 +90,9 @@ static int compare(const void *data1, const void *data2)
 const struct cache_object *obj = data1;
 const struct nf_conntrack *ct = data2;
- return nfct_cmp(obj->ct, ct, NFCT_CMP_ORIG);
+ return nfct_cmp(obj->ct, ct, NFCT_CMP_ORIG) &&
+ nfct_get_attr_u32(obj->ct, ATTR_ID) ==
+ nfct_get_attr_u32(ct, ATTR_ID);
 }
 struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
-- cgit v1.2.3
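Review bot: The added ID comparison in compare() reads ATTR_ID from both objects with nfct_get_attr_u32() without checking that the attribute is present, so an object that carries no ID is presumably treated the same as one whose ID is zero. If any caller looks up with a conntrack object that lacks an ID while the cached entry has one (the callers are not visible in this hunk), the lookup now misses and the old entry would stay in the cache instead of being updated or destroyed. Consider guarding the comparison with `nfct_attr_is_set(ct, ATTR_ID)`, or at least stating the assumption above the return, e.g. `/* both objects must carry ATTR_ID, or neither (old kernels report 0) */`. compare() begins above the hunk, so only the tail of its body is reviewed here.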