From 71006b474001e697a30719d1ae3e66fefa9f181b Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Fri, 16 May 2008 11:31:33 +0000
Subject: compare layer 3 and layer 4 protocol number before addresses
---
 src/conntrack/compare.c | 56 ++++++++++++++++++++++++-------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index 06afbe6..d1597c3 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -10,6 +10,20 @@
 static int cmp_orig(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2)
 {
+ if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_ORIG].l3protonum !=
+ ct2->tuple[__DIR_ORIG].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].protonum !=
+ ct2->tuple[__DIR_ORIG].protonum)
+ return 0;
+
 if (test_bit(ATTR_ORIG_IPV4_SRC, ct1->set) &&
 test_bit(ATTR_ORIG_IPV4_SRC, ct2->set) &&
 ct1->tuple[__DIR_ORIG].src.v4 !=
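Review bot: The protocol checks added at the top of cmp_orig report a mismatch only when the attribute bit is set in both objects, and the layer 3 check is also skipped when either side is `AF_UNSPEC`, so a missing or unspecified protocol acts as a wildcard and the function can still return 1 for flows of different families; nothing in the hunk documents this. A caller that uses this comparison for an exact-match decision, such as selecting an entry to delete or to exempt from a filter, would presumably need both objects fully populated; that is inferred, since no callers are visible here. I would state it above the first check, e.g. `/* unset attribute or AF_UNSPEC on either side = wildcard, never a mismatch */`. The same applies to the block added to cmp_repl in the next hunk. cmp_orig's body continues outside this hunk.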
@@ -36,26 +50,26 @@ static int cmp_orig(const struct nf_conntrack *ct1,
 sizeof(u_int32_t)*4) == 0)
 return 0;
 
- if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_ORIG].l3protonum !=
- ct2->tuple[__DIR_ORIG].l3protonum)
- return 0;
-
- if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].protonum !=
- ct2->tuple[__DIR_ORIG].protonum)
- return 0;
-
 return 1;
 }
 
 static int cmp_repl(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2)
 {
+ if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_REPL].l3protonum !=
+ ct2->tuple[__DIR_REPL].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].protonum !=
+ ct2->tuple[__DIR_REPL].protonum)
+ return 0;
+
 if (test_bit(ATTR_REPL_IPV4_SRC, ct1->set) &&
 test_bit(ATTR_REPL_IPV4_SRC, ct2->set) &&
 ct1->tuple[__DIR_REPL].src.v4 !=
@@ -82,20 +96,6 @@ static int cmp_repl(const struct nf_conntrack *ct1,
 sizeof(u_int32_t)*4) == 0)
 return 0;
 
- if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_REPL].l3protonum !=
- ct2->tuple[__DIR_REPL].l3protonum)
- return 0;
-
- if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].protonum !=
- ct2->tuple[__DIR_REPL].protonum)
- return 0;
-
 return 1;
 }
 
-- 
cgit v1.2.3
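Review bot: The 14 lines added at the top of cmp_repl (hunk `@@ -36,26 +50,26 @@`) repeat the block added to cmp_orig token for token, differing only in `__DIR_REPL` and the `ATTR_REPL_*` constants, so a later fix to one copy, for instance to the `AF_UNSPEC` handling, can silently miss the other. A small static helper parameterised by direction and attribute ids would keep the two in step; the name `cmp_proto` and the `int` parameter types below are placeholders, since the declarations of `test_bit` and the tuple index are not visible in this diff. cmp_repl's body continues outside the hunk.

```c
/* Returns 0 when both objects carry the protocol attribute for `dir`
 * and the numbers differ; 1 otherwise (unset or AF_UNSPEC = wildcard). */
static int cmp_proto(const struct nf_conntrack *ct1,
		     const struct nf_conntrack *ct2,
		     int dir, int l3_attr, int l4_attr)
{
	if (test_bit(l3_attr, ct1->set) &&
	    test_bit(l3_attr, ct2->set) &&
	    ct1->tuple[dir].l3protonum != AF_UNSPEC &&
	    ct2->tuple[dir].l3protonum != AF_UNSPEC &&
	    ct1->tuple[dir].l3protonum != ct2->tuple[dir].l3protonum)
		return 0;

	if (test_bit(l4_attr, ct1->set) &&
	    test_bit(l4_attr, ct2->set) &&
	    ct1->tuple[dir].protonum != ct2->tuple[dir].protonum)
		return 0;

	return 1;
}

static int cmp_repl(const struct nf_conntrack *ct1,
		    const struct nf_conntrack *ct2)
{
	if (!cmp_proto(ct1, ct2, __DIR_REPL,
		       ATTR_REPL_L3PROTO, ATTR_REPL_L4PROTO))
		return 0;

	/* … unchanged: remaining comparisons … */
```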