Hello,
2014-06-12 18:48 GMT+09:00 Florian Westphal <fw@xxxxxxxxx>:
> What about this:
>
> static int cmp_zone(const struct nf_conntrack *ct1,
> const struct nf_conntrack *ct2, unsigned int flags)
> {
> return nfct_get_attr_u16(ct1, ATTR_ZONE) == nfct_get_attr_u16(ct2, ATTR_ZONE);
> }
>
> Then it should be sufficient to not call __cmp at all, i.e.:
>
> - if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
> + if (!cmp_zone(ct1, ct2, flags))
>
> ct1 and ct2 zones would then always be equal except if
> both have ATTR_ZONE set and the zones are different.
Sorry, it did not work with NFCT_CMP_MASK in case of
only ct2 has attr. We need to think of NCFT_CMP_MASK
as you told.
static int cmp_zone(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
return (flags & NFCT_CMP_MASK &&
!test_bit(ATTR_ZONE, ct1->head.set)) ||
nfct_get_attr_u16(ct1, ATTR_ZONE)
== nfct_get_attr_u16(ct2, ATTR_ZONE);
}
What about this?
Could I resend the patch if it is acceptable?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
