authorAsbjørn Sloth Tønnesen <ast@fiberby.dk>2016-01-25 11:15:44 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2016-02-01 00:06:01 +0100
commitd1a5fa49ef5cc735046202e85edf05988acfb18b (patch)
tree1a2c767d4b9aa4411de257e1322767e7be25a24d
parentccf3a62c9f52d9e968dd5a24e089b4e4a9962edc (diff)
conntrack: support delete by label
This option was already silently allowed by 991fc4ae, but didn't have any effect. This patch adds the check and documents it. Cc: Clemence Faure <clemence.faure@sophos.com> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.dk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--conntrack.82
-rw-r--r--src/conntrack.c3
2 files changed, 4 insertions, 1 deletions
diff --git a/conntrack.8 b/conntrack.8
index a981a76..970c2d7 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -146,7 +146,7 @@ In "\-\-create" mode, the mask is ignored.
.TP
.BI "-l, --label " "LABEL"
Specify a conntrack label.
-This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", or "\-U \-\-update".
+This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", "\-U \-\-update" or "\-D \-\-delete".
Match entries whose labels match at least those specified.
Use multiple \-l commands to specify multiple labels that need to be set.
Match entries whose labels matches at least those specified as arguments.
diff --git a/src/conntrack.c b/src/conntrack.c
index 45b8822..b5a0a13 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1355,6 +1355,9 @@ static int delete_cb(enum nf_conntrack_msg_type type,
if (filter_mark(ct))
return NFCT_CB_CONTINUE;
+ if (filter_label(ct))
+ return NFCT_CB_CONTINUE;
+
if (options & CT_COMPARISON &&
!nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
return NFCT_CB_CONTINUE;
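Review bot: The new `filter_label(ct)` guard in delete_cb carries no comment explaining why it matters on a destructive path. According to the commit message, `-l` was previously accepted with `-D` but ignored, so a delete meant to be scoped by label removed every entry the other filters let through. I would add above the check `/* skip entries lacking a requested label, so -D -l never deletes beyond the label match */`. filter_label is defined outside this hunk, so it is worth confirming that it returns non-zero (skip) when an entry has no label attribute or the label cannot be evaluated, so that the delete fails closed. delete_cb itself starts and ends outside the hunk.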