authorPablo Neira Ayuso <pablo@netfilter.org>2008-12-09 00:02:44 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-12-09 00:02:44 +0100
commitdd93edbbd09af4523dfe0f0c3c92f510daf223e8 (patch)
treeb9915186192e76327dd85f7f2a4204dbd71a9ea6
parent1f5834262c91d835414b538857b67e058a1c1dac (diff)
src: recover conntrackd -F operation
This patch recovers the option -F for conntrackd. This will be particularly useful to flush the kernel conntrack table without getting the event notification of the conntrack deletions (that will happen with Linux kernel >= 2.6.29). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--conntrackd.84
-rw-r--r--include/netlink.h1
-rw-r--r--src/netlink.c5
-rw-r--r--src/run.c8
4 files changed, 12 insertions, 6 deletions
diff --git a/conntrackd.8 b/conntrackd.8
index 769a0f1..2d7b228 100644
--- a/conntrackd.8
+++ b/conntrackd.8
@@ -37,6 +37,10 @@ with "-i" and "-e" parameters.
.BI "-f "
Flush the internal and the external cache
.TP
+.BI "-F "
+Flush the kernel conntrack table (if you use a Linux kernel >= 2.6.29, this
+option will not flush your internal and external cache).
+.TP
.BI "-k "
Kill the daemon
.TP
diff --git a/include/netlink.h b/include/netlink.h
index 52d2480..b44ef21 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -14,6 +14,7 @@ struct nfct_handle *nl_init_overrun_handler(void);
int nl_overrun_request_resync(void);
void nl_resize_socket_buffer(struct nfct_handle *h);
int nl_dump_conntrack_table(void);
+int nl_flush_conntrack_table(void);
int nl_exist_conntrack(const struct nf_conntrack *ct);
int nl_get_conntrack(const struct nf_conntrack *ct);
int nl_create_conntrack(const struct nf_conntrack *ct);
diff --git a/src/netlink.c b/src/netlink.c
index 31cee61..9d155aa 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -148,6 +148,11 @@ int nl_dump_conntrack_table(void)
return nfct_query(STATE(dump), NFCT_Q_DUMP, &CONFIG(family));
}
+int nl_flush_conntrack_table(void)
+{
+ return nfct_query(STATE(request), NFCT_Q_FLUSH, &CONFIG(family));
+}
+
int nl_overrun_request_resync(void)
{
int family = CONFIG(family);
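Review bot: nl_flush_conntrack_table() is added without a comment, and the one fact the commit message states about it belongs next to the code: on Linux >= 2.6.29 the flush produces no destroy events, so neither the internal nor the external cache is cleared by it. I would put above the definition `/* Flush the kernel conntrack table. On Linux >= 2.6.29 this raises no destroy events, so the internal and external caches are left untouched (-f flushes those). Returns nfct_query()'s result: 0 or -1 with errno set. */`, and the same sentence on the prototype in include/netlink.h. The dump path next to it goes through STATE(dump) while this one uses STATE(request); if that split is deliberate, a short why-comment would spare the next reader the question.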
diff --git a/src/run.c b/src/run.c
index 6515e62..4bd0e5b 100644
--- a/src/run.c
+++ b/src/run.c
@@ -78,12 +78,8 @@ void local_handler(int fd, void *data)
switch(type) {
case FLUSH_MASTER:
- dlog(LOG_WARNING, "`conntrackd -F' is deprecated. "
- "Use conntrack -F instead.");
- if (fork() == 0) {
- execlp("conntrack", "conntrack", "-F", NULL);
- exit(EXIT_SUCCESS);
- }
+ dlog(LOG_NOTICE, "flushing kernel conntrack table");
+ nl_flush_conntrack_table();
return;
case RESYNC_MASTER:
dlog(LOG_NOTICE, "resync with master table");
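Review bot: The return value of nl_flush_conntrack_table() is discarded on the line after the LOG_NOTICE message, so a failed NFCT_Q_FLUSH (nfct_query() returns -1 with errno set) is logged as if the table had been flushed. I would check it: `if (nl_flush_conntrack_table() == -1)` followed by `dlog(LOG_ERR, "can't flush kernel conntrack table: %s", strerror(errno));`, assuming errno.h and string.h are already included by run.c, which the hunk does not show. The enclosing local_handler() starts before this hunk and continues after it.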