authorPablo Neira Ayuso <pablo@netfilter.org>2013-07-06 14:48:04 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-07-06 15:17:25 +0200
commite2c6576e775652c35d336afa0551676339c6a793 (patch)
treed998fe683c0dc28c991f5d43fe74899c3dd747c1 /src/netlink.c
parentc4ce3ffb9a9f0288376312206529eb1428f3aeca (diff)
conntrackd: deprecate `Family' in configuration file
This patch deprecates the `Family' tweak in the configuration file. Several reasons for this: * If not specified, this defaulted to IPv4 only in table dumps from the kernel. However, non-IPv4 events were still received. This is inconsistent. * It's an early tweak that was not documented (not included in any of the example files). If we want to support any sort of consistent filtering based on the family, this should happen in the filtering code. After this patch, conntrackd uses AF_UNSPEC to dump the conntrack and expectation tables from the kernel. Reported-by: Bill Fink <billfink@mindspring.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/netlink.c b/src/netlink.c
index bd38d99..5be102e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -146,9 +146,11 @@ void nl_resize_socket_buffer(struct nfct_handle *h)
"to %u bytes", CONFIG(netlink_buffer_size));
}
+static const int family = AF_UNSPEC;
+
int nl_dump_conntrack_table(struct nfct_handle *h)
{
- return nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ return nfct_query(h, NFCT_Q_DUMP, &family);
}
static int
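Review bot: The new file-scope `family` added at the top of this hunk has a very generic name and no comment, so a later local or parameter called `family` elsewhere in this file would silently shadow it and change which address families a query covers. A more specific name and a short comment would make the intent durable, for example `/* always query every address family; per-family selection belongs in the filter code */` above `static const int nl_family = AF_UNSPEC;`, with the later `&family` uses renamed to match. As far as I recall, the libnetfilter_conntrack documentation describes the NFCT_Q_DUMP argument as a pointer to a 32-bit family value, so it is worth confirming that `int` matches what the library reads.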
@@ -182,7 +184,7 @@ int nl_flush_conntrack_table_selective(void)
}
nfct_callback_register(h, NFCT_T_ALL, nl_flush_selective_cb, NULL);
- ret = nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ ret = nfct_query(h, NFCT_Q_DUMP, &family);
nfct_close(h);
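Review bot: With `&family` now fixed to AF_UNSPEC, the dump on the changed line hands `nl_flush_selective_cb` entries of every address family, where a configured `Family` used to narrow the walk. The callback is not visible in this hunk, so its selection logic should be checked to make the intended keep-or-delete decision for non-IPv4 entries rather than treating an unexpected family as a match. A one-line comment at the call, such as `/* walks all families; nl_flush_selective_cb decides what is removed */`, would record that the scope of this flush is now set only by the callback. The function starts and ends outside the hunk.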
@@ -191,7 +193,6 @@ int nl_flush_conntrack_table_selective(void)
int nl_send_resync(struct nfct_handle *h)
{
- int family = CONFIG(family);
return nfct_send(h, NFCT_Q_DUMP, &family);
}
@@ -380,16 +381,15 @@ int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp)
int nl_dump_expect_table(struct nfct_handle *h)
{
- return nfexp_query(h, NFCT_Q_DUMP, &CONFIG(family));
+ return nfexp_query(h, NFCT_Q_DUMP, &family);
}
int nl_flush_expect_table(struct nfct_handle *h)
{
- return nfexp_query(h, NFCT_Q_FLUSH, &CONFIG(family));
+ return nfexp_query(h, NFCT_Q_FLUSH, &family);
}
int nl_send_expect_resync(struct nfct_handle *h)
{
- int family = CONFIG(family);
return nfexp_send(h, NFCT_Q_DUMP, &family);
}
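Review bot: `nl_flush_expect_table` now issues NFCT_Q_FLUSH with AF_UNSPEC, which widens a destructive operation from the configured family to all families, while the commit description only talks about dumps. Assuming the kernel honours the family on this request, a deployment that had set `Family` would now lose expectations it previously kept across a flush. I would document that on the function, for example `/* flushes expectations of every address family; the deprecated Family option no longer narrows this */`. It may also be worth logging a warning where the deprecated option is parsed, which is outside this file section.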