From e83beca64100992d58f86dd8680e6a3ef30554fb Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 14 Nov 2021 12:18:31 +0100 Subject: conntrack: use libmnl for listing conntrack table Use libmnl and libnetfilter_conntrack mnl helpers to dump the conntrack table entries. Signed-off-by: Pablo Neira Ayuso --- src/conntrack.c | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/src/conntrack.c b/src/conntrack.c index 7d9eddb..5bd3cb5 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -2451,6 +2451,9 @@ nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb, nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family); + if (filter_dump) + nfct_nlmsg_build_filter(nlh, filter_dump); + res = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len); if (res < 0) return res; @@ -3216,32 +3219,23 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd) switch(cmd->command) { case CT_LIST: - if (cmd->type == CT_TABLE_DYING) { - if (nfct_mnl_socket_open(0) < 0) - exit_error(OTHER_PROBLEM, "Can't open handler"); + if (nfct_mnl_socket_open(0) < 0) + exit_error(OTHER_PROBLEM, "Can't open handler"); + if (cmd->type == CT_TABLE_DYING) { res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_DYING, mnl_nfct_dump_cb, cmd, NULL); - nfct_mnl_socket_close(); break; } else if (cmd->type == CT_TABLE_UNCONFIRMED) { - if (nfct_mnl_socket_open(0) < 0) - exit_error(OTHER_PROBLEM, "Can't open handler"); - res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_UNCONFIRMED, mnl_nfct_dump_cb, cmd, NULL); - nfct_mnl_socket_close(); break; } - cth = nfct_open(CONNTRACK, 0); - if (!cth) - exit_error(OTHER_PROBLEM, "Can't open handler"); - if (cmd->options & CT_COMPARISON && cmd->options & CT_OPT_ZERO) exit_error(PARAMETER_PROBLEM, "Can't use -z with " 
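Review bot: The return value of `nfct_nlmsg_build_filter()` is discarded in the added `if (filter_dump)` block of nfct_mnl_dump, so a filter that could not be encoded would still result in the request being sent, presumably unfiltered. This matters most for the `IPCTNL_MSG_CT_GET_CTRZERO` call added to do_command_ct later in this commit, where an unfiltered request would reset counters on entries the user did not select. Assuming the helper follows the library's negative-on-error convention, consider `if (filter_dump && nfct_nlmsg_build_filter(nlh, filter_dump) < 0) return -1;`. The size of `buf` is declared outside the hunk, so confirm it leaves room for the filter attributes appended after the header; nfct_mnl_dump's body starts and ends outside the hunk.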
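Review bot: The `CT_TABLE_DYING` and `CT_TABLE_UNCONFIRMED` branches now `break` without closing the socket opened by the hoisted `nfct_mnl_socket_open(0)`, because their `nfct_mnl_socket_close()` calls were removed and the only remaining close is the one the last hunk adds at the end of the regular dump path. Either keep `nfct_mnl_socket_close();` before each early `break`, or restructure the case so all three table types reach the single close. If do_command_ct is ever called more than once per process, each such call would leave a netlink socket open. The `CT_LIST` case body continues outside this hunk.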
@@ -3249,8 +3243,6 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd) nfct_filter_init(cmd); - nfct_callback_register(cth, NFCT_T_ALL, dump_cb, cmd); - filter_dump = nfct_filter_dump_create(); if (filter_dump == NULL) exit_error(OTHER_PROBLEM, "OOM"); @@ -3268,11 +3260,15 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd) NFCT_FILTER_DUMP_STATUS, &cmd->tmpl.filter_status_kernel); } - if (cmd->options & CT_OPT_ZERO) - res = nfct_query(cth, NFCT_Q_DUMP_FILTER_RESET, - filter_dump); - else - res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump); + if (cmd->options & CT_OPT_ZERO) { + res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK, + IPCTNL_MSG_CT_GET_CTRZERO, + mnl_nfct_dump_cb, cmd, filter_dump); + } else { + res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK, + IPCTNL_MSG_CT_GET, + mnl_nfct_dump_cb, cmd, filter_dump); + } nfct_filter_dump_destroy(filter_dump); @@ -3281,7 +3277,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd) fflush(stdout); } - nfct_close(cth); + nfct_mnl_socket_close(); break; case EXP_LIST: -- cgit v1.2.3
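Review bot: The two `nfct_mnl_dump()` calls in the `CT_OPT_ZERO` if/else differ only in the message type, so the duplication can be removed by selecting the type first, e.g. `type = (cmd->options & CT_OPT_ZERO) ? IPCTNL_MSG_CT_GET_CTRZERO : IPCTNL_MSG_CT_GET;` followed by a single `res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK, type, mnl_nfct_dump_cb, cmd, filter_dump);`. A short comment such as `/* -z: dump and zero the counters of the matching entries */` would also help, since this is the one listing path that modifies kernel state and its scope depends on `filter_dump` being applied. How `res` is checked afterwards is outside the hunk.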