summaryrefslogtreecommitdiffstats
path: root/src/conntrack/api.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r--src/conntrack/api.c40
1 files changed, 31 insertions, 9 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index ffa5216..2efb175 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -307,7 +307,7 @@ int nfct_callback_register2(struct nfct_handle *h,
assert(h != NULL);
- container = calloc(sizeof(struct __data_container), 1);
+ container = calloc(1, sizeof(struct __data_container));
if (container == NULL)
return -1;
@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
assert(req != NULL);
assert(ct != NULL);
+ memset(req, 0, size);
+
return __build_conntrack(ssh, req, size, type, flags, ct);
}
@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
assert(data != NULL);
assert(req != NULL);
- memset(req, 0, size);
+ memset(buffer, 0, size);
switch(qt) {
case NFCT_Q_CREATE:
@@ -831,6 +833,11 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family,
NFNETLINK_V0);
break;
+ case NFCT_Q_FLUSH_FILTER:
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family, 1);
+ if (__build_filter_flush(req, size, data) < 0)
+ return -1;
+ break;
case NFCT_Q_DUMP:
nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, *family,
NFNETLINK_V0);
@@ -845,12 +852,14 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
case NFCT_Q_DUMP_FILTER:
nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, AF_UNSPEC,
NFNETLINK_V0);
- __build_filter_dump(req, size, data);
+ if (__build_filter_dump(req, size, data) < 0)
+ return -1;
break;
case NFCT_Q_DUMP_FILTER_RESET:
nfct_fill_hdr(req, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_DUMP,
AF_UNSPEC, NFNETLINK_V0);
- __build_filter_dump(req, size, data);
+ if (__build_filter_dump(req, size, data) < 0)
+ return -1;
break;
default:
errno = ENOTSUP;
@@ -1099,9 +1108,9 @@ int nfct_catch(struct nfct_handle *h)
* print the message just after you receive the destroy event. If you want
* more accurate timestamping, use NFCT_OF_TIMESTAMP.
*
- * This function returns the size of the information that _would_ have been
- * written to the buffer, even if there was no room for it. Thus, the
- * behaviour is similar to snprintf.
+ * On error, -1 is returned and errno is set appropiately. Otherwise the
+ * size of what _would_ be written is returned, even if the size of the
+ * buffer is insufficient. This behaviour is similar to snprintf.
*/
int nfct_snprintf(char *buf,
unsigned int size,
@@ -1356,7 +1365,7 @@ void nfct_copy_attr(struct nf_conntrack *ct1,
*/
struct nfct_filter *nfct_filter_create(void)
{
- return calloc(sizeof(struct nfct_filter), 1);
+ return calloc(1, sizeof(struct nfct_filter));
}
/**
@@ -1495,7 +1504,7 @@ int nfct_filter_detach(int fd)
*/
struct nfct_filter_dump *nfct_filter_dump_create(void)
{
- return calloc(sizeof(struct nfct_filter_dump), 1);
+ return calloc(1, sizeof(struct nfct_filter_dump));
}
/**
@@ -1547,6 +1556,19 @@ void nfct_filter_dump_set_attr_u8(struct nfct_filter_dump *filter_dump,
}
/**
+ * nfct_filter_dump_attr_set_u16 - set u16 dump filter attribute
+ * \param filter dump filter object that we want to modify
+ * \param type filter attribute type
+ * \param value value of the filter attribute using unsigned int (32 bits).
+ */
+void nfct_filter_dump_set_attr_u16(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ uint16_t value)
+{
+ nfct_filter_dump_set_attr(filter_dump, type, &value);
+}
+
+/**
* @}
*/