summaryrefslogtreecommitdiffstats
path: root/src/conntrack/build.c
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-13 00:38:09 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-04-13 00:38:09 +0000
commitc3704c0e73d0dda9d9d5919af22831a439fbc611 (patch)
tree85dd4d2f6e0308a196b097273d6e28cfe038d792 /src/conntrack/build.c
parent721a93769a15c0f579a389ad58d82d14d13f7f93 (diff)
- add nfct_cmp (replacement for nfct_compare a bit more flexible)
- add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
Diffstat (limited to 'src/conntrack/build.c')
-rw-r--r--src/conntrack/build.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index cf65ef3..638fbe2 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -307,8 +307,35 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags);
- __build_tuple(req, size, &ct->tuple[__DIR_ORIG], CTA_TUPLE_ORIG);
- __build_tuple(req, size, &ct->tuple[__DIR_REPL], CTA_TUPLE_REPLY);
+ if (test_bit(ATTR_ORIG_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_IPV4_DST, ct->set) ||
+ test_bit(ATTR_ORIG_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_IPV6_DST, ct->set) ||
+ test_bit(ATTR_ORIG_PORT_SRC, ct->set) ||
+ test_bit(ATTR_ORIG_PORT_DST, ct->set) ||
+ test_bit(ATTR_ORIG_L3PROTO, ct->set) ||
+ test_bit(ATTR_ORIG_L4PROTO, ct->set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->set) ||
+ test_bit(ATTR_ICMP_CODE, ct->set) ||
+ test_bit(ATTR_ICMP_ID, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_ORIG],
+ CTA_TUPLE_ORIG);
+
+ if (test_bit(ATTR_REPL_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_REPL_IPV4_DST, ct->set) ||
+ test_bit(ATTR_REPL_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_REPL_IPV6_DST, ct->set) ||
+ test_bit(ATTR_REPL_PORT_SRC, ct->set) ||
+ test_bit(ATTR_REPL_PORT_DST, ct->set) ||
+ test_bit(ATTR_REPL_L3PROTO, ct->set) ||
+ test_bit(ATTR_REPL_L4PROTO, ct->set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->set) ||
+ test_bit(ATTR_ICMP_CODE, ct->set) ||
+ test_bit(ATTR_ICMP_ID, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_REPL],
+ CTA_TUPLE_REPLY);
if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) ||
test_bit(ATTR_MASTER_IPV4_DST, ct->set) ||