diff options
author | Asbjørn Sloth Tønnesen <ast@fiberby.dk> | 2016-01-25 11:15:44 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-01 00:06:01 +0100 |
commit | d1a5fa49ef5cc735046202e85edf05988acfb18b (patch) | |
tree | 1a2c767d4b9aa4411de257e1322767e7be25a24d /src/conntrack.c | |
parent | ccf3a62c9f52d9e968dd5a24e089b4e4a9962edc (diff) |
conntrack: support delete by label
This option was already silently allowed by 991fc4ae,
but didn't have any effect.
This patch adds the check and documents it.
Cc: Clemence Faure <clemence.faure@sophos.com>
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.dk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack.c')
-rw-r--r-- | src/conntrack.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 45b8822..b5a0a13 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1355,6 +1355,9 @@ static int delete_cb(enum nf_conntrack_msg_type type, if (filter_mark(ct)) return NFCT_CB_CONTINUE; + if (filter_label(ct)) + return NFCT_CB_CONTINUE; + if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) return NFCT_CB_CONTINUE; |