From 75b3c6a15178a44c6ccff68b79c2bc3a05f7aa28 Mon Sep 17 00:00:00 2001
From: Mikhail Sennikovsky
Date: Tue, 8 Mar 2022 09:05:21 +0100
Subject: conntrack: use libmnl for flushing conntrack table

Use libmnl and libnetfilter_conntrack mnl helpers to flush the conntrack table entries.

Signed-off-by: Mikhail Sennikovsky
Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/conntrack.c b/src/conntrack.c
index f6752f8..679a1d2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -3470,11 +3470,14 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 break;
 case CT_FLUSH:
- cth = nfct_open(CONNTRACK, 0);
- if (!cth)
- exit_error(OTHER_PROBLEM, "Can't open handler");
- res = nfct_query(cth, NFCT_Q_FLUSH_FILTER, &cmd->family);
- nfct_close(cth);
+ res = nfct_mnl_socket_open(sock, 0);
+ if (res < 0)
+ exit_error(OTHER_PROBLEM, "Can't open netlink socket");
+
+ res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK, cmd->family,
+ IPCTNL_MSG_CT_DELETE, NLM_F_ACK, NULL, NULL);
+
+ nfct_mnl_socket_close(sock);
 fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
 fprintf(stderr,"connection tracking table has been emptied.\n");
 break;
--
cgit v1.2.3
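Review bot: The two `fprintf` lines that follow `nfct_mnl_socket_close(sock)` announce that the table has been emptied without consulting `res` from `nfct_mnl_request()`, so a flush the kernel rejects (for instance for a caller without the required privilege) still prints the success text. An operator who flushes conntrack to make a ruleset change apply to established flows could be misled by that output. Guarding the message, e.g. `if (res >= 0) {` around the two `fprintf` calls, keeps it truthful; the request is sent with `NLM_F_ACK`, so `res` presumably carries the kernel's verdict. `do_command_ct` continues outside the hunk, so a later check of `res` may exist, but it would only run after the message has already been written.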