diff options
author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-16 14:46:17 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-16 14:46:17 +0000 |
commit | 8ee6d3dd791e01872695f708e73d734219b8fea9 (patch) | |
tree | 9242437baea1563d4e94a4df71c6aed674d98f3b /src/conntrack/compare.c | |
parent | 8261ca9a3e4d96963bf67e241f945cca78895794 (diff) |
- bump version to 0.0.92
- recover the ID support
- add support for timeout comparison
- ignore set operation for counters and use attributes
- fix broken status comparison
- statify several __snprintf functions
Diffstat (limited to 'src/conntrack/compare.c')
-rw-r--r-- | src/conntrack/compare.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c index 0280638..06afbe6 100644 --- a/src/conntrack/compare.c +++ b/src/conntrack/compare.c @@ -100,21 +100,47 @@ static int cmp_repl(const struct nf_conntrack *ct1, } static int cmp_meta(const struct nf_conntrack *ct1, - const struct nf_conntrack *ct2) + const struct nf_conntrack *ct2, + unsigned int flags) { + if (test_bit(ATTR_ID, ct1->set) && + test_bit(ATTR_ID, ct2->set) && + ct1->id != ct2->id) + return 0; + if (test_bit(ATTR_MARK, ct1->set) && test_bit(ATTR_MARK, ct2->set) && ct1->mark != ct2->mark) return 0; if (test_bit(ATTR_TIMEOUT, ct1->set) && - test_bit(ATTR_TIMEOUT, ct2->set) && - ct1->timeout != ct2->timeout) - return 0; + test_bit(ATTR_TIMEOUT, ct2->set)) { + int ret = 0; + +#define __NFCT_CMP_TIMEOUT (NFCT_CMP_TIMEOUT_LE | NFCT_CMP_TIMEOUT_GT) + + if (!(flags & __NFCT_CMP_TIMEOUT) && + ct1->timeout != ct2->timeout) + return 0; + else { + if (flags & NFCT_CMP_TIMEOUT_GT && + ct1->timeout > ct2->timeout) + ret = 1; + else if (flags & NFCT_CMP_TIMEOUT_LT && + ct1->timeout < ct2->timeout) + ret = 1; + else if (flags & NFCT_CMP_TIMEOUT_EQ && + ct1->timeout == ct2->timeout) + ret = 1; + + if (ret == 0) + return 0; + } + } if (test_bit(ATTR_STATUS, ct1->set) && test_bit(ATTR_STATUS, ct2->set) && - ct1->status == ct2->status) + !((ct1->status & ct2->status) == ct1->status)) return 0; if (test_bit(ATTR_TCP_STATE, ct1->set) && @@ -130,9 +156,9 @@ int __compare(const struct nf_conntrack *ct1, unsigned int flags) { if (flags == NFCT_CMP_ALL) - return cmp_orig(ct1, ct2) && - cmp_repl(ct1, ct2) && - cmp_meta(ct1, ct2); + return cmp_meta(ct1, ct2, flags) && + cmp_orig(ct1, ct2) && + cmp_repl(ct1, ct2); if (flags & NFCT_CMP_ORIG && !cmp_orig(ct1, ct2)) return 0; |