summaryrefslogtreecommitdiffstats
path: root/src/conntrack/compare.c
diff options
context:
space:
mode:
authorDaniel Borkmann <daniel@iogearbox.net>2015-08-25 14:22:41 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-09-29 20:39:26 +0200
commitd3d2bee2d9ebd565e006f213c76cfa316b5e5ab1 (patch)
treeba853d38ef24d856cc24a1fd8365cc41749126c4 /src/conntrack/compare.c
parentca8fa0b9f03968d5077af162010d670631089b6a (diff)
conntrack: add zone attribute to tuple
This patch adds the front-end to the recent ctnetlink interface changes that add the zone attribute into the tuple. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/compare.c')
-rw-r--r--src/conntrack/compare.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index e15ba93..8b2f3cb 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -149,6 +149,15 @@ cmp_orig_ipv6_dst(const struct nf_conntrack *ct1,
sizeof(struct in6_addr)) == 0);
}
+static int
+cmp_orig_zone(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ return nfct_get_attr_u16(ct1, ATTR_ORIG_ZONE) ==
+ nfct_get_attr_u16(ct2, ATTR_ORIG_ZONE);
+}
+
int __cmp_orig(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
@@ -165,6 +174,8 @@ int __cmp_orig(const struct nf_conntrack *ct1,
return 0;
if (!__cmp(ATTR_ORIG_IPV6_DST, ct1, ct2, flags, cmp_orig_ipv6_dst, true))
return 0;
+ if (!__cmp(ATTR_ORIG_ZONE, ct1, ct2, flags, cmp_orig_zone, false))
+ return 0;
return 1;
}
@@ -259,6 +270,15 @@ cmp_repl_ipv6_dst(const struct nf_conntrack *ct1,
sizeof(struct in6_addr)) == 0);
}
+static int
+cmp_repl_zone(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ return nfct_get_attr_u16(ct1, ATTR_REPL_ZONE) ==
+ nfct_get_attr_u16(ct2, ATTR_REPL_ZONE);
+}
+
static int cmp_repl(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
@@ -275,6 +295,8 @@ static int cmp_repl(const struct nf_conntrack *ct1,
return 0;
if (!__cmp(ATTR_REPL_IPV6_DST, ct1, ct2, flags, cmp_repl_ipv6_dst, true))
return 0;
+ if (!__cmp(ATTR_REPL_ZONE, ct1, ct2, flags, cmp_repl_zone, false))
+ return 0;
return 1;
}