[netfilter-cvslog] r7529 - trunk/libnetfilter_conntrack/src/conntrack
pablo at netfilter.org
pablo at netfilter.org
Fri May 16 13:31:34 CEST 2008
Author: pablo at netfilter.org
Date: 2008-05-16 13:31:33 +0200 (Fri, 16 May 2008)
New Revision: 7529
Modified:
trunk/libnetfilter_conntrack/src/conntrack/compare.c
Log:
compare layer 3 and layer 4 protocol number before addresses
Modified: trunk/libnetfilter_conntrack/src/conntrack/compare.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/compare.c 2008-05-15 14:36:22 UTC (rev 7528)
+++ trunk/libnetfilter_conntrack/src/conntrack/compare.c 2008-05-16 11:31:33 UTC (rev 7529)
@@ -10,6 +10,20 @@
static int cmp_orig(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2)
{
+ if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_ORIG].l3protonum !=
+ ct2->tuple[__DIR_ORIG].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].protonum !=
+ ct2->tuple[__DIR_ORIG].protonum)
+ return 0;
+
if (test_bit(ATTR_ORIG_IPV4_SRC, ct1->set) &&
test_bit(ATTR_ORIG_IPV4_SRC, ct2->set) &&
ct1->tuple[__DIR_ORIG].src.v4 !=
@@ -36,26 +50,26 @@
sizeof(u_int32_t)*4) == 0)
return 0;
- if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_ORIG].l3protonum !=
- ct2->tuple[__DIR_ORIG].l3protonum)
- return 0;
-
- if (test_bit(ATTR_ORIG_L4PROTO, ct1->set) &&
- test_bit(ATTR_ORIG_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_ORIG].protonum !=
- ct2->tuple[__DIR_ORIG].protonum)
- return 0;
-
return 1;
}
static int cmp_repl(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2)
{
+ if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_REPL].l3protonum !=
+ ct2->tuple[__DIR_REPL].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].protonum !=
+ ct2->tuple[__DIR_REPL].protonum)
+ return 0;
+
if (test_bit(ATTR_REPL_IPV4_SRC, ct1->set) &&
test_bit(ATTR_REPL_IPV4_SRC, ct2->set) &&
ct1->tuple[__DIR_REPL].src.v4 !=
@@ -82,20 +96,6 @@
sizeof(u_int32_t)*4) == 0)
return 0;
- if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
- ct1->tuple[__DIR_REPL].l3protonum !=
- ct2->tuple[__DIR_REPL].l3protonum)
- return 0;
-
- if (test_bit(ATTR_REPL_L4PROTO, ct1->set) &&
- test_bit(ATTR_REPL_L4PROTO, ct2->set) &&
- ct1->tuple[__DIR_REPL].protonum !=
- ct2->tuple[__DIR_REPL].protonum)
- return 0;
-
return 1;
}
More information about the netfilter-cvslog
mailing list