author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-05-16 11:31:33 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-05-16 11:31:33 +0000
commit71006b474001e697a30719d1ae3e66fefa9f181b (patch)
tree09a2a9d9829a5fb0975206f1ecb32bbf35ef9da4
parentea0469ea8f507eed0496c2cedbe1c5894169dd1c (diff)
compare layer 3 and layer 4 protocol number before addresses
-rw-r--r--src/conntrack/compare.c56
1 files changed, 28 insertions, 28 deletions
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index 06afbe6..d1597c3 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -10,6 +10,20 @@
static int cmp_orig(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2)
{
+ if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_ORIG].l3protonum !=
+ ct2->tuple[__DIR_ORIG].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].protonum !=
+ ct2->tuple[__DIR_ORIG].protonum)
+ return 0;
+
if (test_bit(ATTR_ORIG_IPV4_SRC, ct1->set) &&
test_bit(ATTR_ORIG_IPV4_SRC, ct2->set) &&
ct1->tuple[__DIR_ORIG].src.v4 !=
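Review bot: The two checks added at the top of cmp_orig have no comment stating their matching rules, which a caller relying on this result to tell flows apart can easily misread. Each check is skipped when the attribute bit is unset in either object, and an l3protonum of AF_UNSPEC on either side also counts as a match, while the L4 check has no such wildcard. I would add above the first `if` something like `/* Protocol numbers first; a check is skipped if the attribute is unset in either ct, and AF_UNSPEC matches any L3 family. */`. The same comment fits the mirrored block added to cmp_repl in the next hunk. cmp_orig's body continues past the end of this hunk.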
@@ -36,26 +50,26 @@ static int cmp_orig(const struct nf_conntrack *ct1,
sizeof(u_int32_t)*4) == 0)
return 0;
- if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_ORIG].l3protonum !=
- ct2->tuple[__DIR_ORIG].l3protonum)
- return 0;
-
- if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].protonum !=
- ct2->tuple[__DIR_ORIG].protonum)
- return 0;
-
return 1;
}
static int cmp_repl(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2)
{
+ if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_REPL].l3protonum !=
+ ct2->tuple[__DIR_REPL].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].protonum !=
+ ct2->tuple[__DIR_REPL].protonum)
+ return 0;
+
if (test_bit(ATTR_REPL_IPV4_SRC, ct1->set) &&
test_bit(ATTR_REPL_IPV4_SRC, ct2->set) &&
ct1->tuple[__DIR_REPL].src.v4 !=
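Review bot: The address comparison whose tail is visible as context at the top of this hunk (`sizeof(u_int32_t)*4) == 0)` followed by `return 0;`) appears to be inverted: it reports a mismatch when the compared 16-byte fields are equal, whereas every other check in these functions returns 0 on `!=`. The expression starts outside the hunk, so this needs confirming against the full file, but the likely fix is `sizeof(u_int32_t)*4) != 0)`. The same tail appears in the cmp_repl context lines of the last hunk. Moving the protocol checks ahead of it does not change the outcome, so entries with identical (presumably IPv6) addresses would still compare as different and entries with differing addresses would pass this check.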
@@ -82,20 +96,6 @@ static int cmp_repl(const struct nf_conntrack *ct1,
sizeof(u_int32_t)*4) == 0)
return 0;
- if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_REPL].l3protonum !=
- ct2->tuple[__DIR_REPL].l3protonum)
- return 0;
-
- if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].protonum !=
- ct2->tuple[__DIR_REPL].protonum)
- return 0;
-
return 1;
}