From c3704c0e73d0dda9d9d5919af22831a439fbc611 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sun, 13 Apr 2008 00:38:09 +0000
Subject: - add nfct_cmp (replacement for nfct_compare a bit more flexible) - add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
---
 src/conntrack/build.c | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
(limited to 'src/conntrack/build.c')
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index cf65ef3..638fbe2 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -307,8 +307,35 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags);
- __build_tuple(req, size, &ct->tuple[__DIR_ORIG], CTA_TUPLE_ORIG);
- __build_tuple(req, size, &ct->tuple[__DIR_REPL], CTA_TUPLE_REPLY);
+ if (test_bit(ATTR_ORIG_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_IPV4_DST, ct->set) ||
+ test_bit(ATTR_ORIG_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_IPV6_DST, ct->set) ||
+ test_bit(ATTR_ORIG_PORT_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_PORT_DST, ct->set) ||
+ test_bit(ATTR_ORIG_L3PROTO, ct->set) ||
+ test_bit(ATTR_ORIG_L4PROTO, ct->set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->set) ||
+ test_bit(ATTR_ICMP_CODE, ct->set) ||
+ test_bit(ATTR_ICMP_ID, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_ORIG],
+ CTA_TUPLE_ORIG);
+
+ if (test_bit(ATTR_REPL_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_REPL_IPV4_DST, ct->set) ||
+ test_bit(ATTR_REPL_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_REPL_IPV6_DST, ct->set) ||
+ test_bit(ATTR_REPL_PORT_SRC, ct->set) ||
+ test_bit(ATTR_REPL_PORT_DST, ct->set) ||
+ test_bit(ATTR_REPL_L3PROTO, ct->set) ||
+ test_bit(ATTR_REPL_L4PROTO, ct->set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->set) ||
+ test_bit(ATTR_ICMP_CODE, ct->set) ||
+ test_bit(ATTR_ICMP_ID, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_REPL],
+ CTA_TUPLE_REPLY);
 if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) ||
 test_bit(ATTR_MASTER_IPV4_DST, ct->set) ||
-- cgit v1.2.3
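Review bot: Both new conditions fire as soon as any one attribute bit is set, so `__build_tuple()` is called for a tuple whose remaining fields the caller may never have filled in; in particular the three `ATTR_ICMP_*` bits appear in both conditions, so setting only an ICMP attribute emits `CTA_TUPLE_ORIG` and `CTA_TUPLE_REPLY` together. `__build_tuple()` is not visible here, so whether it skips unset fields cannot be confirmed from this hunk; if it does not, the kernel receives whatever `ct->tuple[]` happens to hold for the missing addresses and ports. I would state the contract above the first check, e.g. `/* a tuple is emitted as soon as one of its attributes is set; unset fields go out as stored in ct->tuple[] */`, and brace both `if` bodies, since each spans three lines under an eleven-term condition. It is also worth confirming what the callers expect when neither condition holds and the request carries no tuple at all. The body of `__build_conntrack` starts and ends outside the hunk.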