Diffstat (limited to 'src')
-rw-r--r--src/conntrack/api.c2
-rw-r--r--src/conntrack/bsf.c12
-rw-r--r--src/conntrack/filter_dump.c10
3 files changed, 18 insertions, 6 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 22965f1..2efb175 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -835,6 +835,8 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
break;
case NFCT_Q_FLUSH_FILTER:
nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family, 1);
+ if (__build_filter_flush(req, size, data) < 0)
+ return -1;
break;
case NFCT_Q_DUMP:
nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, *family,
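Review bot: In the `NFCT_Q_FLUSH_FILTER` case, `data` is now passed to `__build_filter_flush()` as a `struct nfct_filter_dump *`, yet the line above still takes the address family from `*family`. If `family` is an alias of `data`, as its use in the neighbouring `NFCT_Q_DUMP` case suggests (the declaration is outside this hunk), the header family becomes the first byte of the filter structure. An existing caller that still passes a pointer to a one-byte family would then be read past the end of its object. Because this query deletes entries, the family should not depend on that reinterpretation; consider `nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, AF_UNSPEC, 1);` with the family carried in the filter. The changed meaning of `data` should also be documented where the query type is declared.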
diff --git a/src/conntrack/bsf.c b/src/conntrack/bsf.c
index 48fd4fa..1e78bad 100644
--- a/src/conntrack/bsf.c
+++ b/src/conntrack/bsf.c
@@ -336,7 +336,7 @@ add_state_filter_cta(struct sock_filter *this,
s = stack_create(sizeof(struct jump), 3 + 32);
if (s == NULL) {
errno = ENOMEM;
- return -1;
+ return 0;
}
jt = 1;
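Review bot: Returning 0 when `stack_create()` fails in `add_state_filter_cta` makes an out-of-memory condition look the same as "no instructions added" unless every caller inspects `errno`. A BPF program missing this clause could then be attached as if it were complete. The same change is made in `add_state_filter` (ENOTSUP), `bsf_add_proto_filter`, `bsf_add_addr_ipv4_filter`, `bsf_add_addr_ipv6_filter` and `bsf_add_mark_filter`. The callers and the rest of these function bodies are outside the hunks; if the return value is added to an instruction offset, 0 avoids stepping the offset backwards, but the failure still has to reach the caller, for example by having the caller set `errno = 0` before the builders run and test it afterwards. At minimum, document the contract on each builder: `/* returns the number of instructions added; 0 with errno set on failure */`.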
@@ -403,7 +403,7 @@ add_state_filter(struct sock_filter *this,
if (cta[proto].cta_protoinfo == 0 && cta[proto].cta_state == 0) {
errno = ENOTSUP;
- return -1;
+ return 0;
}
return add_state_filter_cta(this,
@@ -448,7 +448,7 @@ bsf_add_proto_filter(const struct nfct_filter *f, struct sock_filter *this)
s = stack_create(sizeof(struct jump), 3 + 255);
if (s == NULL) {
errno = ENOMEM;
- return -1;
+ return 0;
}
jt = 1;
@@ -520,7 +520,7 @@ bsf_add_addr_ipv4_filter(const struct nfct_filter *f,
s = stack_create(sizeof(struct jump), 3 + 127);
if (s == NULL) {
errno = ENOMEM;
- return -1;
+ return 0;
}
jt = 1;
@@ -605,7 +605,7 @@ bsf_add_addr_ipv6_filter(const struct nfct_filter *f,
s = stack_create(sizeof(struct jump), 3 + 80);
if (s == NULL) {
errno = ENOMEM;
- return -1;
+ return 0;
}
jf = 1;
@@ -704,7 +704,7 @@ bsf_add_mark_filter(const struct nfct_filter *f, struct sock_filter *this)
s = stack_create(sizeof(struct jump), 3 + 127);
if (s == NULL) {
errno = ENOMEM;
- return -1;
+ return 0;
}
jt = 1;
diff --git a/src/conntrack/filter_dump.c b/src/conntrack/filter_dump.c
index 0a19985..fd2d002 100644
--- a/src/conntrack/filter_dump.c
+++ b/src/conntrack/filter_dump.c
@@ -64,3 +64,13 @@ int __build_filter_dump(struct nfnlhdr *req, size_t size,
{
return nfct_nlmsg_build_filter(&req->nlh, filter_dump);
}
+
+int __build_filter_flush(struct nfnlhdr *req, size_t size,
+ const struct nfct_filter_dump *filter_dump)
+{
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_TUPLE)) {
+ errno = ENOTSUP;
+ return -1;
+ }
+ return nfct_nlmsg_build_filter(&req->nlh, filter_dump);
+}
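Review bot: `__build_filter_flush()` dereferences `filter_dump->set` without a NULL check, although it is reached from the flush query with caller-supplied `data`. Adding `if (filter_dump == NULL) { errno = EINVAL; return -1; }` before the tuple test would make the delete request fail closed instead of crashing. The `size` parameter is unused, so the function cannot bound what `nfct_nlmsg_build_filter()` appends to `req`; whether that helper checks the buffer itself is not visible here. The ENOTSUP branch would also benefit from a one-line comment saying why a tuple filter is refused for flush; if the reason is that the match is not honoured on delete, something like `/* tuple match is not supported for flush; refuse rather than delete more than requested */`.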