conntrack: use libmnl for flushing conntrack table

Use libmnl and libnetfilter_conntrack mnl helpers to flush the conntrack table entries. Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> 2022-03-08 09:05:21 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-08 09:34:30 +0100
commit: 75b3c6a15178a44c6ccff68b79c2bc3a05f7aa28 (patch)
tree: 5ead89468f6997f88f5f9a5bd1af4eab160e9fe5
parent: 22618ff51aabed3dd85d1194103c3978be79acec (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index f6752f8..679a1d2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -3470,11 +3470,14 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 		break;
 
 	case CT_FLUSH:
-		cth = nfct_open(CONNTRACK, 0);
-		if (!cth)
-			exit_error(OTHER_PROBLEM, "Can't open handler");
-		res = nfct_query(cth, NFCT_Q_FLUSH_FILTER, &cmd->family);
-		nfct_close(cth);
+		res = nfct_mnl_socket_open(sock, 0);
+		if (res < 0)
+			exit_error(OTHER_PROBLEM, "Can't open netlink socket");
+
+		res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK, cmd->family,
+				       IPCTNL_MSG_CT_DELETE, NLM_F_ACK, NULL, NULL);
+
+		nfct_mnl_socket_close(sock);
 		fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
 		fprintf(stderr,"connection tracking table has been emptied.\n");
 		break;
author	Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>	2022-03-08 09:05:21 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-08 09:34:30 +0100
commit	75b3c6a15178a44c6ccff68b79c2bc3a05f7aa28 (patch)
tree	5ead89468f6997f88f5f9a5bd1af4eab160e9fe5
parent	22618ff51aabed3dd85d1194103c3978be79acec (diff)