diff options
| author | Felix Huettner <felix.huettner@mail.schwarz> | 2023-12-05 09:35:16 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-24 22:22:10 +0100 |
| commit | 27f09380ebb0fc21c4cd20070b828a27430b5de1 (patch) | |
| tree | 360d6ce202ac56056c7df17526a7145d09049c98 /include | |
| parent | 647de658b44b4942efe03bd8c1f89f2bd0a5f0e8 (diff) | |
flushing already supports filtering on the kernel side for value like
mark, l3num or zone. This patch extends the userspace code to also
support this.
To reduce code duplication the `nfct_filter_dump` struct and associated
logic is reused. Note that filtering by tuple is not supported, since
`CTA_FILTER` is not yet supported on the kernel side for flushing.
Trying to use it returns ENOTSUP.
Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/prototypes.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h index 5e935f0..82a3f29 100644 --- a/include/internal/prototypes.h +++ b/include/internal/prototypes.h @@ -36,6 +36,7 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct); int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter); int __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump); +int __build_filter_flush(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump); int nfct_build_tuple(struct nlmsghdr *nlh, const struct __nfct_tuple *t, int type); int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int dir, uint32_t *set); |