summaryrefslogtreecommitdiffstats
path: root/src/conntrack/api.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-10-02 17:06:56 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2008-10-02 17:06:56 +0200
commitfb92f85dcc664ad94c1d2919b729086eee774893 (patch)
tree635e234861ca6916d71bd279cbdcd3525cb84b27 /src/conntrack/api.c
parent8bb0e3049b8a7f67d60ba2deed18584acce4eca6 (diff)
compare: add two new flags for different level of comparisons
This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the level of strictness that is applied to the comparison of two conntrack objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r--src/conntrack/api.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 8015440..7943082 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -695,12 +695,20 @@ int nfct_compare(const struct nf_conntrack *ct1,
* @ct2: pointer to a valid conntrack object
* @flags: flags
*
- * This function only compare attribute set in both objects, ie. if a certain
- * attribute is not set in ct1 but it is in ct2, then the value of such
- * attribute is not used in the comparison.
+ * This function only compare attribute set in both objects, by default
+ * the comparison is not strict, ie. if a certain attribute is not set in one
+ * of the objects, then such attribute is not used in the comparison.
+ * If you want more strict comparisons, you can use the appropriate flags
+ * to modify this behaviour (see NFCT_CMP_STRICT and NFCT_CMP_MASK).
*
* The available flags are:
*
+ * - NFCT_CMP_STRICT: the compared objects must have the same attributes
+ * and the same values, otherwise it returns that the objects are
+ * different.
+ * - NFCT_CMP_MASK: the first object is used as mask, this means that
+ * if an attribute is present in ct1 but not in ct2, this function
+ * returns that the objects are different.
* - NFCT_CMP_ALL: full comparison of both objects
* - NFCT_CMP_ORIG: it only compares the source and destination address;
* source and destination ports; the layer 3 and 4 protocol numbers