From 8aa719eb1afb6c6e0a5bf74cbdab79dc82da6c80 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org" Date: Mon, 26 Dec 2005 02:29:02 +0000 Subject: o add IPv6 support o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that in included in this commit. --- extensions/libnetfilter_conntrack_tcp.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'extensions/libnetfilter_conntrack_tcp.c') diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c index dc50315..9efdbb7 100644 --- a/extensions/libnetfilter_conntrack_tcp.c +++ b/extensions/libnetfilter_conntrack_tcp.c @@ -98,29 +98,27 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & TCP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_STATE) if (ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto tcp = { -- cgit v1.2.3