1 files changed, 34 insertions, 8 deletions

diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index 0280638..06afbe6 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -100,21 +100,47 @@ static int cmp_repl(const struct nf_conntrack *ct1,
 }
 
 static int cmp_meta(const struct nf_conntrack *ct1,
-		    const struct nf_conntrack *ct2)
+		    const struct nf_conntrack *ct2,
+		    unsigned int flags)
 {
+	if (test_bit(ATTR_ID, ct1->set) &&
+	    test_bit(ATTR_ID, ct2->set) &&
+	    ct1->id != ct2->id)
+		return 0;
+
 	if (test_bit(ATTR_MARK, ct1->set) && 
 	    test_bit(ATTR_MARK, ct2->set) &&
 	    ct1->mark != ct2->mark)
 	    	return 0;
 
 	if (test_bit(ATTR_TIMEOUT, ct1->set) &&
-	    test_bit(ATTR_TIMEOUT, ct2->set) &&
-	    ct1->timeout != ct2->timeout)
-	    	return 0;
+	    test_bit(ATTR_TIMEOUT, ct2->set)) {
+	    	int ret = 0;
+
+#define __NFCT_CMP_TIMEOUT (NFCT_CMP_TIMEOUT_LE | NFCT_CMP_TIMEOUT_GT)
+
+		if (!(flags & __NFCT_CMP_TIMEOUT) &&
+		    ct1->timeout != ct2->timeout)
+		    	return 0;
+		else {
+			if (flags & NFCT_CMP_TIMEOUT_GT &&
+			    ct1->timeout > ct2->timeout)
+				ret = 1;
+			else if (flags & NFCT_CMP_TIMEOUT_LT &&
+				 ct1->timeout < ct2->timeout)
+			    	ret = 1;
+			else if (flags & NFCT_CMP_TIMEOUT_EQ &&
+				 ct1->timeout == ct2->timeout)
+				ret = 1;
+
+		    	if (ret == 0)
+				return 0;
+		}
+	}
 
 	if (test_bit(ATTR_STATUS, ct1->set) &&
 	    test_bit(ATTR_STATUS, ct2->set) &&
-	    ct1->status == ct2->status)
+	    !((ct1->status & ct2->status) == ct1->status))
 	    	return 0;
 
 	if (test_bit(ATTR_TCP_STATE, ct1->set) &&
@@ -130,9 +156,9 @@ int __compare(const struct nf_conntrack *ct1,
 	      unsigned int flags)
 {
 	if (flags == NFCT_CMP_ALL)
-		return cmp_orig(ct1, ct2) &&
-		       cmp_repl(ct1, ct2) &&
-		       cmp_meta(ct1, ct2);
+		return cmp_meta(ct1, ct2, flags) &&
+		       cmp_orig(ct1, ct2) &&
+		       cmp_repl(ct1, ct2);
 
 	if (flags & NFCT_CMP_ORIG && !cmp_orig(ct1, ct2))
 		return 0;