diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-02 17:06:56 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-02 17:06:56 +0200 |
commit | fb92f85dcc664ad94c1d2919b729086eee774893 (patch) | |
tree | 635e234861ca6916d71bd279cbdcd3525cb84b27 /src/conntrack/api.c | |
parent | 8bb0e3049b8a7f67d60ba2deed18584acce4eca6 (diff) |
compare: add two new flags for different level of comparisons
This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the
level of strictness that is applied to the comparison of two conntrack
objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r-- | src/conntrack/api.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 8015440..7943082 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -695,12 +695,20 @@ int nfct_compare(const struct nf_conntrack *ct1, * @ct2: pointer to a valid conntrack object * @flags: flags * - * This function only compare attribute set in both objects, ie. if a certain - * attribute is not set in ct1 but it is in ct2, then the value of such - * attribute is not used in the comparison. + * This function only compare attribute set in both objects, by default + * the comparison is not strict, ie. if a certain attribute is not set in one + * of the objects, then such attribute is not used in the comparison. + * If you want more strict comparisons, you can use the appropriate flags + * to modify this behaviour (see NFCT_CMP_STRICT and NFCT_CMP_MASK). * * The available flags are: * + * - NFCT_CMP_STRICT: the compared objects must have the same attributes + * and the same values, otherwise it returns that the objects are + * different. + * - NFCT_CMP_MASK: the first object is used as mask, this means that + * if an attribute is present in ct1 but not in ct2, this function + * returns that the objects are different. * - NFCT_CMP_ALL: full comparison of both objects * - NFCT_CMP_ORIG: it only compares the source and destination address; * source and destination ports; the layer 3 and 4 protocol numbers |