libnetfilter_conntrack  1.0.6
cmp-exp.c
1 /*
2  * (C) 2011 by Pablo Neira Ayuso <pablo@netfilter.org>
3  * (C) 2011 by Vyatta <http://www.vyatta.com>
4  *
5  * This software may be used and distributed according to the terms
6  * of the GNU General Public License, incorporated herein by reference.
7  */
8 
9 #include "internal/internal.h"
10 
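/*
 * Compare a single attribute of two expectations, applying the
 * NFCT_CMP_MASK / NFCT_CMP_STRICT policy bits found in 'flags'.
 *
 * attr:       attribute bit looked up in each object's 'set' bitmask
 * exp1, exp2: the expectations being compared
 * flags:      NFCT_CMP_* bits; also forwarded unchanged to 'cmp'
 * cmp:        callback comparing the attribute's value; it is only invoked
 *             when the attribute is set in both objects
 *
 * Returns the callback's result when both objects carry the attribute.
 * Otherwise returns 0 (mismatch) when NFCT_CMP_MASK is requested and only
 * exp1 carries the attribute, or when NFCT_CMP_STRICT is requested.  In
 * every remaining case a missing attribute counts as a match (1), so a
 * caller that needs "absent means different" must pass NFCT_CMP_STRICT.
 */
static int __cmp(int attr,
		 const struct nf_expect *exp1,
		 const struct nf_expect *exp2,
		 unsigned int flags,
		 int (*cmp)(const struct nf_expect *exp1,
			    const struct nf_expect *exp2,
			    unsigned int flags))
{
	if (test_bit(attr, exp1->set) && test_bit(attr, exp2->set)) {
		/* Hand the callback the expectations themselves: these are
		 * the only objects in scope and match the callback's type. */
		return cmp(exp1, exp2, flags);
	} else if ((flags & NFCT_CMP_MASK) &&
		   test_bit(attr, exp1->set)) {
		/* exp1 has the attribute but exp2 does not. */
		return 0;
	} else if (flags & NFCT_CMP_STRICT) {
		return 0;
	}
	return 1;
}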
29 
30 /* merge with cmp_timeout for ct's, put it in src/main.c. */
/*
 * Compare the timeouts of two expectations according to the
 * NFCT_CMP_TIMEOUT_* bits in 'flags'.
 *
 * Returns 1 when a requested relation holds between exp1->timeout and
 * exp2->timeout (GT, LT or EQ, tested in that order), 0 otherwise.
 *
 * NOTE(review): when none of the timeout bits is set the function returns
 * 0 even if both timeouts are equal, because no relation below can match.
 * Confirm whether "no timeout flag" was meant to mean plain equality.
 */
static int
cmp_timeout(const struct nf_expect *exp1,
	    const struct nf_expect *exp2,
	    unsigned int flags)
{
#define __NFCT_CMP_TIMEOUT (NFCT_CMP_TIMEOUT_LE | NFCT_CMP_TIMEOUT_GT)

	/* No relation requested and the values differ: not a match. */
	if (!(flags & __NFCT_CMP_TIMEOUT) &&
	    exp1->timeout != exp2->timeout)
		return 0;

	if ((flags & NFCT_CMP_TIMEOUT_GT) &&
	    exp1->timeout > exp2->timeout)
		return 1;

	if ((flags & NFCT_CMP_TIMEOUT_LT) &&
	    exp1->timeout < exp2->timeout)
		return 1;

	if ((flags & NFCT_CMP_TIMEOUT_EQ) &&
	    exp1->timeout == exp2->timeout)
		return 1;

	/* None of the requested relations held. */
	return 0;
}
59 
/*
 * Report whether every status bit set in ct1 is also set in ct2
 * (ct1->status is a subset of ct2->status).  'flags' is not consulted.
 *
 * Returns 1 when the subset relation holds, 0 otherwise.
 *
 * NOTE(review): this helper takes struct nf_conntrack pointers, yet
 * cmp_meta() passes it to __cmp() as a callback typed for struct
 * nf_expect and pairs it with ATTR_EXP_FLAGS.  Calling it through that
 * pointer type would read 'status' from an object of a different type;
 * confirm the intended parameter type and field before relying on it.
 */
static int
cmp_status(const struct nf_conntrack *ct1,
	   const struct nf_conntrack *ct2,
	   unsigned int flags)
{
	if ((ct1->status & ct2->status) != ct1->status)
		return 0;

	return 1;
}
67 
/*
 * Report whether two objects carry the same zone.  'flags' is not
 * consulted.
 *
 * Returns 1 when ct1->zone equals ct2->zone, 0 otherwise.
 *
 * NOTE(review): the parameters are struct nf_conntrack pointers, but
 * cmp_meta() hands this function to __cmp() as a callback typed for
 * struct nf_expect (ATTR_EXP_ZONE).  Confirm which object's zone is meant
 * to be compared; as written the pointer types do not agree.
 */
static int
cmp_zone(const struct nf_conntrack *ct1,
	 const struct nf_conntrack *ct2,
	 unsigned int flags)
{
	return (ct1->zone != ct2->zone) ? 0 : 1;
}
75 
/*
 * Compare the metadata attributes of two expectations: timeout, flags and
 * zone, in that order, each routed through __cmp() so the NFCT_CMP_MASK /
 * NFCT_CMP_STRICT policy in 'flags' applies to attributes that are unset.
 *
 * Returns 1 when all three attribute checks pass, 0 as soon as one fails.
 *
 * NOTE(review): cmp_status and cmp_zone are declared with struct
 * nf_conntrack parameters while __cmp() expects a callback taking struct
 * nf_expect; the two pointer types are incompatible.  Nothing in this
 * file calls cmp_meta(), so confirm the callbacks before wiring it in.
 */
static int cmp_meta(const struct nf_expect *exp1,
		    const struct nf_expect *exp2,
		    unsigned int flags)
{
	/* && short-circuits, so later attributes are skipped after the
	 * first mismatch, exactly like a chain of early returns. */
	return __cmp(ATTR_EXP_TIMEOUT, exp1, exp2, flags, cmp_timeout) &&
	       __cmp(ATTR_EXP_FLAGS, exp1, exp2, flags, cmp_status) &&
	       __cmp(ATTR_EXP_ZONE, exp1, exp2, flags, cmp_zone);
}
89 
/*
 * Compare two expectations by their embedded conntrack tuples.
 *
 * The master tuple is compared in both directions (NFCT_CMP_ORIG |
 * NFCT_CMP_REPL); the expected tuple and the mask are compared in the
 * original direction only.  Comparison stops at the first mismatch.
 *
 * Returns 1 when all three tuples match, 0 otherwise.
 *
 * Caveat: NFCT_CMP_META is accepted but has no effect here, so two
 * expectations that differ only in zone or flags still compare equal.
 * Callers that need those attributes distinguished must check them
 * separately.
 *
 * NOTE(review): the pointers returned by nfexp_get_attr() go to
 * nfct_cmp() unchecked; confirm neither call can yield NULL for an
 * attribute that is not set on the object.
 */
int cmp_exp(const struct nf_expect *exp1, const struct nf_expect *exp2,
	    unsigned int flags)
{
	/* Tuples to compare, in order, with the direction bits for each. */
	static const struct {
		enum nf_expect_attr	attr;
		unsigned int		how;
	} tuples[] = {
		{ ATTR_EXP_MASTER,	NFCT_CMP_ORIG|NFCT_CMP_REPL },
		{ ATTR_EXP_EXPECTED,	NFCT_CMP_ORIG },
		{ ATTR_EXP_MASK,	NFCT_CMP_ORIG },
	};
	unsigned int i;

	for (i = 0; i < sizeof(tuples) / sizeof(tuples[0]); i++) {
		const struct nf_conntrack *ct1, *ct2;

		ct1 = nfexp_get_attr(exp1, tuples[i].attr);
		ct2 = nfexp_get_attr(exp2, tuples[i].attr);

		if (!nfct_cmp(ct1, ct2, tuples[i].how))
			return 0;
	}

	if (flags & NFCT_CMP_META) {
		/* FIXME: missing comparison of zone and flags. */
	}

	return 1;
}