Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx> wrote:
> 2014-06-12 18:48 GMT+09:00 Florian Westphal <fw@xxxxxxxxx>:
> > What about this:
> >
> > static int cmp_zone(const struct nf_conntrack *ct1,
> > const struct nf_conntrack *ct2, unsigned int flags)
> > {
> > return nfct_get_attr_u16(ct1, ATTR_ZONE) == nfct_get_attr_u16(ct2, ATTR_ZONE);
> > }
> >
> > Then it should be sufficient to not call __cmp at all, i.e.:
> >
> > - if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
> > + if (!cmp_zone(ct1, ct2, flags))
> >
> > ct1 and ct2 zones would then always be equal except if
> > both have ATTR_ZONE set and the zones are different.
>
> Sorry, it did not work with NFCT_CMP_MASK in case of
> only ct2 has attr. We need to think of NCFT_CMP_MASK
> as you told.
i
Why? cmp_zone() does not evaluate the 'flags' paramter.
So, if only ct2 has attr:
nfct_get_attr_u16(ct1, ATTR_ZONE) -> returns 0
nfct_get_attr_u16(ct2, ATTR_ZONE) -> returns the zone id
ct1 and ct2 would be equal if ct2 zone is 0.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
