From c3704c0e73d0dda9d9d5919af22831a439fbc611 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sun, 13 Apr 2008 00:38:09 +0000
Subject: - add nfct_cmp (replacement for nfct_compare a bit more flexible) - add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
---
 src/conntrack/api.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-) (limited to 'src/conntrack/api.c')
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 04f78ed..bd6a154 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -671,6 +671,8 @@ int nfct_snprintf(char *buf,
 *
 * If both conntrack object are equal, this function returns 1, otherwise
 * 0 is returned.
+ *
+ * NOTICE: The use nfct_cmp is preferred.
 */
 int nfct_compare(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2)
@@ -678,5 +680,68 @@ int nfct_compare(const struct nf_conntrack *ct1,
 assert(ct1 != NULL);
 assert(ct2 != NULL);
- return __compare(ct1, ct2);
+ return __compare(ct1, ct2, NFCT_CMP_ALL);
+}
+
+/**
+ * nfct_cmp - compare two conntrack objects
+ * @ct1: pointer to a valid conntrack object
+ * @ct2: pointer to a valid conntrack object
+ * @flags: flags
+ *
+ * This function only compare attribute set in both objects, ie. if a certain
+ * attribute is not set in ct1 but it is in ct2, then the value of such
+ * attribute is not used in the comparison.
+ *
+ * The available flags are:
+ *
+ * - NFCT_CMP_ALL: full comparison of both objects
+ * - NFCT_CMP_ORIG: it only compares the source and destination address;
+ * source and destination ports; and the layer 3 and 4 protocol numbers
+ * of the original direction.
+ * - NFCT_CMP_REPL: like NFCT_CMP_REPL but it compares the flow
+ * information that goes in the reply direction.
+ *
+ * If both conntrack object are equal, this function returns 1, otherwise
+ * 0 is returned.
+ */
+int nfct_cmp(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ assert(ct1 != NULL);
+ assert(ct2 != NULL);
+
+ return __compare(ct1, ct2, flags);
+}
+
+/**
+ * nfct_copy - copy part of one source object to another
+ * @ct1: destination object
+ * @ct2: source object
+ * @flags: flags
+ *
+ * This function copies one part of the source object to the target.
+ * It behaves like clone but:
+ *
+ * 1) You have to pass an already allocated space for the target object
+ * 2) You can copy only a part of the source object to the target
+ *
+ * The current supported flags are NFCT_CP_ORIG and NFCT_CP_REPL that
+ * can be used to copy the information that identifies a flow in the
+ * original and the reply direction. This information is usually composed
+ * of: source and destination IP address; source and destination ports;
+ * layer 3 and 4 protocol number.
+ */
+void nfct_copy(struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ assert(ct1 != NULL);
+ assert(ct2 != NULL);
+
+ if (flags & NFCT_CP_ORIG)
+ __copy_tuple(ct1, ct2, __DIR_ORIG);
+ if (flags & NFCT_CP_REPL)
+ __copy_tuple(ct1, ct2, __DIR_REPL);
 }
--
cgit v1.2.3
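Review bot: `nfct_cmp` and `nfct_copy` rely on `assert(ct1 != NULL)` / `assert(ct2 != NULL)` as their only argument check, and `assert` is compiled out when the library is built with NDEBUG, so in such builds a NULL object would go straight into `__compare` or `__copy_tuple`; the existing `nfct_compare` does the same, so at minimum the doc comments should state that passing NULL is a caller error. The NFCT_CMP_REPL entry in the `nfct_cmp` comment refers to itself and presumably should read `- NFCT_CMP_REPL: like NFCT_CMP_ORIG but it compares the flow`. Because the comment says only attributes set in both objects are compared, it should also say what `nfct_cmp` returns when the two objects share no set attribute, since a caller that uses the result to match flows may otherwise treat a sparse object as equal to any other; `__compare` is outside the hunk, so this needs checking there. `nfct_copy` returns void and does nothing when `flags` has neither NFCT_CP_ORIG nor NFCT_CP_REPL set, which is worth one line in its comment so callers do not assume the destination was populated.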