From d3d2bee2d9ebd565e006f213c76cfa316b5e5ab1 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann
Date: Tue, 25 Aug 2015 14:22:41 +0200
Subject: conntrack: add zone attribute to tuple
This patch adds the front-end to the recent ctnetlink interface changes that add the zone attribute into the tuple.
Signed-off-by: Daniel Borkmann
Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack/compare.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'src/conntrack/compare.c')
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index e15ba93..8b2f3cb 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -149,6 +149,15 @@ cmp_orig_ipv6_dst(const struct nf_conntrack *ct1,
 sizeof(struct in6_addr)) == 0);
 }
+static int
+cmp_orig_zone(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ return nfct_get_attr_u16(ct1, ATTR_ORIG_ZONE) ==
+ nfct_get_attr_u16(ct2, ATTR_ORIG_ZONE);
+}
+
 int __cmp_orig(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2,
 unsigned int flags)
@@ -165,6 +174,8 @@ int __cmp_orig(const struct nf_conntrack *ct1,
 return 0;
 if (!__cmp(ATTR_ORIG_IPV6_DST, ct1, ct2, flags, cmp_orig_ipv6_dst, true))
 return 0;
+ if (!__cmp(ATTR_ORIG_ZONE, ct1, ct2, flags, cmp_orig_zone, false))
+ return 0;
 return 1;
 }
@@ -259,6 +270,15 @@ cmp_repl_ipv6_dst(const struct nf_conntrack *ct1,
 sizeof(struct in6_addr)) == 0);
 }
+static int
+cmp_repl_zone(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ return nfct_get_attr_u16(ct1, ATTR_REPL_ZONE) ==
+ nfct_get_attr_u16(ct2, ATTR_REPL_ZONE);
+}
+
 static int cmp_repl(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2,
 unsigned int flags)
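Review bot: `cmp_orig_zone` here, and `cmp_repl_zone` in the third hunk, carry no comment saying what they require of their inputs, and both read the zone with `nfct_get_attr_u16` without checking that the attribute is set. If that getter yields 0 for an unset attribute (its definition is not part of this patch), the helper by itself cannot tell zone 0 from "no zone recorded", so its result only means something when the caller has already confirmed the attribute on both objects. I would put `/* Only valid when the zone attribute is set on both ct1 and ct2; flags is unused. */` above each helper.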
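Review bot: The zone check added to `__cmp_orig` passes `false` as the last argument of `__cmp` while the IPv6 destination check directly above it passes `true`, and neither the code nor the commit message says why; the `ATTR_REPL_ZONE` line added to `cmp_repl` in the last hunk does the same. `__cmp` is defined outside these hunks, so this is inferred, but if that argument decides whether an attribute present on only one object counts as a mismatch, a tuple with a zone and an otherwise identical tuple without one will compare equal. Zones exist to keep otherwise identical tuples apart, so a caller that uses this comparison to pick entries for filtering or deletion needs to know that. If the lenient match is intended, say so with `/* zone is optional: an object without a zone attribute matches any zone */` above each call; if not, pass `true`. Both function bodies start outside their hunks.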
@@ -275,6 +295,8 @@ static int cmp_repl(const struct nf_conntrack *ct1,
 return 0;
 if (!__cmp(ATTR_REPL_IPV6_DST, ct1, ct2, flags, cmp_repl_ipv6_dst, true))
 return 0;
+ if (!__cmp(ATTR_REPL_ZONE, ct1, ct2, flags, cmp_repl_zone, false))
+ return 0;
 return 1;
 }
--
cgit v1.2.3