author | Felix Huettner <felix.huettner@mail.schwarz> | 2023-12-05 09:35:16 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-24 22:22:10 +0100 |
commit | 27f09380ebb0fc21c4cd20070b828a27430b5de1 (patch) | |
tree | 360d6ce202ac56056c7df17526a7145d09049c98 /src/conntrack/api.c | |
parent | 647de658b44b4942efe03bd8c1f89f2bd0a5f0e8 (diff) |
conntrack: support flush filtering
Flushing already supports filtering on the kernel side for values like
mark, l3num or zone. This patch extends the userspace code to also
support this.
To reduce code duplication the `nfct_filter_dump` struct and associated
logic is reused. Note that filtering by tuple is not supported, since
`CTA_FILTER` is not yet supported on the kernel side for flushing.
Trying to use it returns ENOTSUP.
Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r-- | src/conntrack/api.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 22965f1..2efb175 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -835,6 +835,8 @@ __build_query_ct(struct nfnl_subsys_handle *ssh, break; case NFCT_Q_FLUSH_FILTER: nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family, 1); + if (__build_filter_flush(req, size, data) < 0) + return -1; break; case NFCT_Q_DUMP: nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, *family, |
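Review bot: In the NFCT_Q_FLUSH_FILTER case, the new `return -1` is the only signal the caller gets, so the ENOTSUP behaviour the commit message describes for tuple filters depends on `__build_filter_flush` setting errno itself before it returns a negative value. This file's diff does not show that, so please confirm it and mention the errno in the documentation for this query type. The same case still takes the address family from `*family` while `data` is now handed to `__build_filter_flush(req, size, data)`; if both come from the same caller argument, a caller that passes only a family byte would have it read as a filter struct, so it is worth stating (in a comment here or in the API docs) what type `data` must be for NFCT_Q_FLUSH_FILTER after this change.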