From 6e5b823c8c33245d9e40a01c8ce514bc7bc489a1 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 2 Oct 2008 17:17:10 +0200
Subject: conntrack: fix mark-based filtering for event display

The mark-based filtering for events does not work if the mark is not present in the event message. This happens because nfct_cmp() skips the comparison of the compared objects since it they do not have the same attributes set. This patch make use of the new NFCT_CMP_MASK flag that returns false if the first object passed as parameter is set and the second is not.

Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'src/conntrack.c')
diff --git a/src/conntrack.c b/src/conntrack.c
index f7b9363..73c102b 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -634,7 +634,8 @@ static int event_cb(enum nf_conntrack_msg_type type,
 if (ignore_nat(obj, ct))
 return NFCT_CB_CONTINUE;
- if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+ if (options & CT_COMPARISON &&
+ !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 return NFCT_CB_CONTINUE;
 if (output_mask & _O_XML) {
@@ -680,7 +681,8 @@ static int dump_cb(enum nf_conntrack_msg_type type,
 if (ignore_nat(obj, ct))
 return NFCT_CB_CONTINUE;
- if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+ if (options & CT_COMPARISON &&
+ !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 return NFCT_CB_CONTINUE;
 if (output_mask & _O_XML) {
@@ -717,7 +719,8 @@ static int delete_cb(enum nf_conntrack_msg_type type,
 if (ignore_nat(obj, ct))
 return NFCT_CB_CONTINUE;
- if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+ if (options & CT_COMPARISON &&
+ !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 return NFCT_CB_CONTINUE;
 res = nfct_query(ith, NFCT_Q_DESTROY, ct);
-- 
cgit v1.2.3
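Review bot: The comparison is now order-sensitive, and nothing at the three call sites (event_cb, dump_cb, delete_cb) records that `obj` has to stay the first argument of nfct_cmp(). Per the commit message, NFCT_CMP_MASK rejects a match when an attribute is set in the first object and absent in the second, so the result depends on `obj` being the filter (presumably built from the command-line options; its definition is outside the hunks) and `ct` being the kernel entry. This matters most in delete_cb, where a wrong match falls through to `nfct_query(ith, NFCT_Q_DESTROY, ct)`. I would add a comment above the check, e.g. `/* obj is the filter: with NFCT_CMP_MASK it must be the first argument */`, and, since the condition is repeated verbatim in all three callbacks, consider a small static helper so the copies cannot drift. All three function bodies start and end outside their hunks.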