Hello, thank you for your reply.

2014-06-12 9:18 GMT+09:00 Florian Westphal <fw@xxxxxxxxx>:
> Maybe it is better to alter cmp_meta() and invoke a different
> comparator for MARK and ZONE that will give 'extra chance'

I see, thanks.

> when we hit the NFCT_CMP_STRICT conditional, i.e.

# I may not understand what you told me...

An nf_conntrack which is created by the --zone 0 option is the first param of nfct_cmp() with the NFCT_CMP_MASK flag in the conntrack command, so I think it's better to handle the NFCT_CMP_MASK flag too. How about creating a new function __cmp_none_as_zero(), which is called from cmp_meta() in the case of the ZONE attr and whose signature is the same as __cmp():

    /* match if __cmp() matches, or if the attr is unset or zero on both sides */
    return __cmp(attr, ct1, ct2, flags, cmp) ||
           ((!test_bit(attr, ct1->head.set) ||
             nfct_get_attr_u16(ct1, attr) == 0) &&
            (!test_bit(attr, ct2->head.set) ||
             nfct_get_attr_u16(ct2, attr) == 0));

But this can work only for u16 attrs. To work with another size, I think we need to add a switch-case statement on attr length to the code snippet above, or add new similar functions for it. Would you tell me which one is better?

Thanks,
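The switch-on-width option raised in the message above, sketched as an added example that is not part of the original post and not libnetfilter_conntrack code. Every toy_* name and the struct layout are hypothetical, and toy_cmp() stands in for __cmp() by modelling only "set on both sides and equal", with no flag handling.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model, NOT libnetfilter_conntrack's real structures. */
enum toy_attr { TOY_ATTR_ZONE, TOY_ATTR_MARK };

struct toy_ct {
    uint32_t set;   /* bit n set => attribute n was explicitly assigned */
    uint16_t zone;  /* 16-bit attribute */
    uint32_t mark;  /* 32-bit attribute */
};

static bool toy_is_set(const struct toy_ct *ct, enum toy_attr a)
{
    return (ct->set & (1u << a)) != 0;
}

/* Width dispatch: read each attribute at its own size, widened to 64 bits. */
static uint64_t toy_get(const struct toy_ct *ct, enum toy_attr a)
{
    switch (a) {
    case TOY_ATTR_ZONE: return ct->zone;
    case TOY_ATTR_MARK: return ct->mark;
    }
    return 0;
}

/* Stand-in for __cmp(): models only "set on both sides and equal". */
static bool toy_cmp(const struct toy_ct *a, const struct toy_ct *b, enum toy_attr t)
{
    return toy_is_set(a, t) && toy_is_set(b, t) && toy_get(a, t) == toy_get(b, t);
}

static bool toy_none_or_zero(const struct toy_ct *ct, enum toy_attr a)
{
    return !toy_is_set(ct, a) || toy_get(ct, a) == 0;
}

/* Unset and zero are treated as the same value on either side. */
bool toy_cmp_none_as_zero(const struct toy_ct *a, const struct toy_ct *b, enum toy_attr t)
{
    return toy_cmp(a, b, t) || (toy_none_or_zero(a, t) && toy_none_or_zero(b, t));
}

/* Constructed sample objects. */
const struct toy_ct zone0   = { .set = 1u << TOY_ATTR_ZONE, .zone = 0 };
const struct toy_ct zone5   = { .set = 1u << TOY_ATTR_ZONE, .zone = 5 };
const struct toy_ct unset   = { 0 };
const struct toy_ct mark64k = { .set = 1u << TOY_ATTR_MARK, .mark = 0x10000 };
```

In this model the mark value 0x10000 is read at 32 bits, so it does not compare equal to an unset mark; a single 16-bit read path would see its low half as zero.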