[PATCH conntrack 2/5] conntrack: consolidate filtering


 



Signed-off-by: Asbjørn Sloth Tønnesen <ast@xxxxxxxxxx>
---
 src/conntrack.c | 57 ++++++++++++++++++++-------------------------------------
 1 file changed, 20 insertions(+), 37 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index b5a0a13..cb9545b 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1208,6 +1208,21 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
 	return 0;
 }
 
+static int
+nfct_filter(struct nf_conntrack *obj, struct nf_conntrack *ct)
+{
+	if (filter_nat(obj, ct) ||
+	    filter_mark(ct) ||
+	    filter_label(ct))
+		return 1;
+
+	if (options & CT_COMPARISON &&
+	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
+		return 1;
+
+	return 0;
+}
+
 static int counter;
 static int dump_xml_header_done = 1;
 
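Review bot: nfct_filter has no comment stating its return convention, and the delete_cb hunk below hands every entry it returns 0 for to `nfct_query(ith, NFCT_Q_DESTROY, ct)`, so a later caller misreading the result would destroy the wrong flows. A one-line header would pin the contract down, for example `/* Returns 1 if ct must be skipped (fails the NAT, mark, label or CT_COMPARISON filter), 0 if it matches. */`. Both parameters could probably be `const struct nf_conntrack *`, matching filter_nat's signature in the hunk header, provided filter_mark and filter_label accept const pointers (their prototypes are outside the hunk). Writing `(options & CT_COMPARISON) &&` would also make the intended precedence explicit.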
@@ -1248,17 +1263,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
 	unsigned int op_type = NFCT_O_DEFAULT;
 	unsigned int op_flags = 0;
 
-	if (filter_nat(obj, ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_mark(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_label(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (options & CT_COMPARISON &&
-	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
+	if (nfct_filter(obj, ct))
 		return NFCT_CB_CONTINUE;
 
 	if (output_mask & _O_XML) {
@@ -1303,17 +1308,7 @@ static int dump_cb(enum nf_conntrack_msg_type type,
 	unsigned int op_type = NFCT_O_DEFAULT;
 	unsigned int op_flags = 0;
 
-	if (filter_nat(obj, ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_mark(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_label(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (options & CT_COMPARISON &&
-	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
+	if (nfct_filter(obj, ct))
 		return NFCT_CB_CONTINUE;
 
 	if (output_mask & _O_XML) {
@@ -1349,17 +1344,7 @@ static int delete_cb(enum nf_conntrack_msg_type type,
 	unsigned int op_type = NFCT_O_DEFAULT;
 	unsigned int op_flags = 0;
 
-	if (filter_nat(obj, ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_mark(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (filter_label(ct))
-		return NFCT_CB_CONTINUE;
-
-	if (options & CT_COMPARISON &&
-	    !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
+	if (nfct_filter(obj, ct))
 		return NFCT_CB_CONTINUE;
 
 	res = nfct_query(ith, NFCT_Q_DESTROY, ct);
@@ -1498,7 +1483,8 @@ static int update_cb(enum nf_conntrack_msg_type type,
 	int res;
 	struct nf_conntrack *obj = data, *tmp;
 
-	if (filter_nat(obj, ct))
+	if (filter_nat(obj, ct) ||
+	    filter_label(ct))
 		return NFCT_CB_CONTINUE;
 
 	if (nfct_attr_is_set(obj, ATTR_ID) && nfct_attr_is_set(ct, ATTR_ID) &&
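Review bot: update_cb keeps its own filter list instead of calling nfct_filter, so filter_mark and the CT_COMPARISON check are still not applied on the update path, and nothing in the code says whether that is deliberate. If it is (presumably because the mark option carries the value to set here rather than a match criterion), a comment above the condition should record it, for example `/* not nfct_filter(): on update the mark is the new value, not a filter */`, so that a later cleanup does not silently change which entries get modified. Moving filter_label ahead of the ID and tuple comparisons leaves the set of skipped entries unchanged only if filter_label has no side effects; its body is outside the hunk, so that is worth confirming. update_cb's body starts and ends outside this hunk.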
@@ -1510,9 +1496,6 @@ static int update_cb(enum nf_conntrack_msg_type type,
 	if (options & CT_OPT_TUPLE_REPL && !nfct_cmp(obj, ct, NFCT_CMP_REPL))
 		return NFCT_CB_CONTINUE;
 
-	if (filter_label(ct))
-		return NFCT_CB_CONTINUE;
-
 	tmp = nfct_new();
 	if (tmp == NULL)
 		exit_error(OTHER_PROBLEM, "out of memory");
-- 
2.6.4



