This patch enables comparison of 0 value with mark and zone since
both CTA_MARK and CTA_ZONE are not set in case of its value is 0.
These changes has been done in cmp_meta() and its own cmp function
as Florian pointed out.
This enables `conntrack -L --zone 0' to work expctedly too.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
---
src/conntrack/compare.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index f4a194a..384050e 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -291,7 +291,10 @@ cmp_mark(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->mark == ct2->mark);
+ return (flags & NFCT_CMP_MASK &&
+ !test_bit(ATTR_MARK, ct1->head.set)) ||
+ nfct_get_attr_u32(ct1, ATTR_MARK)
+ == nfct_get_attr_u32(ct2, ATTR_MARK);
}
static int
@@ -357,7 +360,10 @@ cmp_zone(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->zone == ct2->zone);
+ return (flags & NFCT_CMP_MASK &&
+ !test_bit(ATTR_ZONE, ct1->head.set)) ||
+ nfct_get_attr_u16(ct1, ATTR_ZONE)
+ == nfct_get_attr_u16(ct2, ATTR_ZONE);
}
static int
@@ -421,7 +427,7 @@ static int cmp_meta(const struct nf_conntrack *ct1,
{
if (!__cmp(ATTR_ID, ct1, ct2, flags, cmp_id))
return 0;
- if (!__cmp(ATTR_MARK, ct1, ct2, flags, cmp_mark))
+ if (!cmp_mark(ct1, ct2, flags))
return 0;
if (!__cmp(ATTR_TIMEOUT, ct1, ct2, flags, cmp_timeout))
return 0;
@@ -433,7 +439,7 @@ static int cmp_meta(const struct nf_conntrack *ct1,
return 0;
if (!__cmp(ATTR_DCCP_STATE, ct1, ct2, flags, cmp_dccp_state))
return 0;
- if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
+ if (!cmp_zone(ct1, ct2, flags))
return 0;
if (!__cmp(ATTR_SECCTX, ct1, ct2, flags, cmp_secctx))
return 0;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
