Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx> wrote:
> I see, thanks.
>
> > when we hit the NFCT_CMP_STRICT conditional, i.e.
>
> # I may not understand what you told me...

Understandable, I meant CMP_MASK.

But I think we can get away with an even simpler change.

What about this:

static int cmp_zone(const struct nf_conntrack *ct1,
                    const struct nf_conntrack *ct2,
                    unsigned int flags)
{
        return nfct_get_attr_u16(ct1, ATTR_ZONE) ==
               nfct_get_attr_u16(ct2, ATTR_ZONE);
}

Then it should be sufficient to not call __cmp at all, i.e.:

-       if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
+       if (!cmp_zone(ct1, ct2, flags))

ct1 and ct2 zones would then always be equal except if both have
ATTR_ZONE set and the zones are different.

What do you think?
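
Review bot: In the `+ if (!cmp_zone(ct1, ct2, flags))` line, the result for a pair where only one of ct1/ct2 has ATTR_ZONE set now depends entirely on what nfct_get_attr_u16() returns for an unset attribute, and nothing in cmp_zone() documents that. With the __cmp() wrapper out of the path, add a comment on cmp_zone() stating the intended result for the unset case and noting that flags is deliberately ignored, so a later change to the getter or to the flag handling does not silently make entries from different zones compare equal.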