From 8ee6d3dd791e01872695f708e73d734219b8fea9 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
 </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Date: Wed, 16 Apr 2008 14:46:17 +0000
Subject: - bump version to 0.0.92 - recover the ID support - add support for
 timeout comparison - ignore set operation for counters and use attributes -
 fix broken status comparison - statify several __snprintf functions

---
 src/conntrack/compare.c | 42 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 8 deletions(-)

(limited to 'src/conntrack/compare.c')

diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index 0280638..06afbe6 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -100,21 +100,47 @@ static int cmp_repl(const struct nf_conntrack *ct1,
 }
 
 static int cmp_meta(const struct nf_conntrack *ct1,
-		    const struct nf_conntrack *ct2)
+		    const struct nf_conntrack *ct2,
+		    unsigned int flags)
 {
+	if (test_bit(ATTR_ID, ct1->set) &&
+	    test_bit(ATTR_ID, ct2->set) &&
+	    ct1->id != ct2->id)
+		return 0;
+
 	if (test_bit(ATTR_MARK, ct1->set) && 
 	    test_bit(ATTR_MARK, ct2->set) &&
 	    ct1->mark != ct2->mark)
 	    	return 0;
 
 	if (test_bit(ATTR_TIMEOUT, ct1->set) &&
-	    test_bit(ATTR_TIMEOUT, ct2->set) &&
-	    ct1->timeout != ct2->timeout)
-	    	return 0;
+	    test_bit(ATTR_TIMEOUT, ct2->set)) {
+	    	int ret = 0;
+
+#define __NFCT_CMP_TIMEOUT (NFCT_CMP_TIMEOUT_LE | NFCT_CMP_TIMEOUT_GT)
+
+		if (!(flags & __NFCT_CMP_TIMEOUT) &&
+		    ct1->timeout != ct2->timeout)
+		    	return 0;
+		else {
+			if (flags & NFCT_CMP_TIMEOUT_GT &&
+			    ct1->timeout > ct2->timeout)
+				ret = 1;
+			else if (flags & NFCT_CMP_TIMEOUT_LT &&
+				 ct1->timeout < ct2->timeout)
+			    	ret = 1;
+			else if (flags & NFCT_CMP_TIMEOUT_EQ &&
+				 ct1->timeout == ct2->timeout)
+				ret = 1;
+
+		    	if (ret == 0)
+				return 0;
+		}
+	}
 
 	if (test_bit(ATTR_STATUS, ct1->set) &&
 	    test_bit(ATTR_STATUS, ct2->set) &&
-	    ct1->status == ct2->status)
+	    !((ct1->status & ct2->status) == ct1->status))
 	    	return 0;
 
 	if (test_bit(ATTR_TCP_STATE, ct1->set) &&
@@ -130,9 +156,9 @@ int __compare(const struct nf_conntrack *ct1,
 	      unsigned int flags)
 {
 	if (flags == NFCT_CMP_ALL)
-		return cmp_orig(ct1, ct2) &&
-		       cmp_repl(ct1, ct2) &&
-		       cmp_meta(ct1, ct2);
+		return cmp_meta(ct1, ct2, flags) &&
+		       cmp_orig(ct1, ct2) &&
+		       cmp_repl(ct1, ct2);
 
 	if (flags & NFCT_CMP_ORIG && !cmp_orig(ct1, ct2))
 		return 0;
-- 
cgit v1.2.3