[conntrack-tools] conntrack: fix mark-based filtering for event display

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Thu Oct 2 17:17:35 CEST 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=6e5b823c8c33245d9e40a01c8ce514bc7bc489a1
commit 6e5b823c8c33245d9e40a01c8ce514bc7bc489a1
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Oct 2 17:17:10 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Oct 2 17:17:10 2008 +0200

    conntrack: fix mark-based filtering for event display
    
    The mark-based filtering for events does not work if the mark is not
    present in the event message. This happens because nfct_cmp() skips
    the comparison of the compared objects since they do not have the
    same attributes set. This patch makes use of the new NFCT_CMP_MASK
    flag that returns false if the first object passed as parameter is
    set and the second is not.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  6e5b823c8c33245d9e40a01c8ce514bc7bc489a1 (commit)
      from  1c2772d3e5f77022649410d9f5787221cc38573f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

 src/conntrack.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index f7b9363..73c102b 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -634,7 +634,8 @@ static int event_cb(enum nf_conntrack_msg_type type,
 	if (ignore_nat(obj, ct))
 		return NFCT_CB_CONTINUE;
 
-	if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+	if (options & CT_COMPARISON &&
+	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 		return NFCT_CB_CONTINUE;
 
 	if (output_mask & _O_XML) {
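Review bot: the new `nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)` call in event_cb() is now sensitive to argument order, and nothing at the call site says so. Per the commit message the flag returns false only when the first object has an attribute set and the second does not, so `obj` has to stay the filter and `ct` the received event. Please add a one-line comment above the condition stating that, so a later cleanup does not swap the two and silently go back to showing events that carry no mark.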
@@ -680,7 +681,8 @@ static int dump_cb(enum nf_conntrack_msg_type type,
 	if (ignore_nat(obj, ct))
 		return NFCT_CB_CONTINUE;
 
-	if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+	if (options & CT_COMPARISON &&
+	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 		return NFCT_CB_CONTINUE;
 
 	if (output_mask & _O_XML) {
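Review bot: dump_cb() is changed here, but the subject and description only talk about event display. Either extend the commit message to say the dump path gets the stricter comparison as well, or split that into its own commit. Since the identical two-line condition now appears in event_cb(), dump_cb() and delete_cb(), consider moving it into one small static helper so the flag combination is defined in a single place.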
@@ -717,7 +719,8 @@ static int delete_cb(enum nf_conntrack_msg_type type,
 	if (ignore_nat(obj, ct))
 		return NFCT_CB_CONTINUE;
 
-	if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL))
+	if (options & CT_COMPARISON &&
+	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
 		return NFCT_CB_CONTINUE;
 
 	res = nfct_query(ith, NFCT_Q_DESTROY, ct);
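Review bot: in delete_cb() this condition is the only gate in front of `nfct_query(ith, NFCT_Q_DESTROY, ct)`, so the change alters which entries get destroyed, not just what is printed, and the commit message does not mention it. Going by the description of nfct_cmp(), an entry lacking an attribute that the filter sets used to pass the comparison and reach the destroy call. Please document the deletion behaviour change in the commit message, and add a test that deletes by mark with entries present that do not match the filter.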
