author | Florian Westphal <fw@strlen.de> | 2021-08-02 11:12:29 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-08-05 13:58:18 +0200 |
commit | 5f823f8fd90dc77b4256fc6cc296834cbe5c0f21 (patch) | |
tree | 9f4825137debfee7b3ee4773d868207708528dc5 /src | |
parent | 5f6a7f009687f9790411e8e94b41423dcbe205b1 (diff) |
src: add support for status dump filter
This tells kernel to suppress conntrack entries that do not match
the status bits/bitmask filter.
This is useful to e.g. only list entries that are not assured
(value 0, mask == ASSURED) or entries that only saw one-way traffic
(value 0, mask == SEEN_REPLY).
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack/filter_dump.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/conntrack/filter_dump.c b/src/conntrack/filter_dump.c
index 158b4cb..3894d06 100644
--- a/src/conntrack/filter_dump.c
+++ b/src/conntrack/filter_dump.c
@@ -20,6 +20,16 @@ set_filter_dump_attr_mark(struct nfct_filter_dump *filter_dump,
 }
 
 static void
+set_filter_dump_attr_status(struct nfct_filter_dump *filter_dump,
+ const void *value)
+{
+ const struct nfct_filter_dump_mark *this = value;
+
+ filter_dump->status.val = this->val;
+ filter_dump->status.mask = this->mask;
+}
+
+static void
 set_filter_dump_attr_family(struct nfct_filter_dump *filter_dump,
 const void *value)
 {
@@ -29,6 +39,7 @@ set_filter_dump_attr_family(struct nfct_filter_dump *filter_dump,
 const set_filter_dump_attr set_filter_dump_attr_array[NFCT_FILTER_DUMP_MAX] = {
 [NFCT_FILTER_DUMP_MARK] = set_filter_dump_attr_mark,
 [NFCT_FILTER_DUMP_L3NUM] = set_filter_dump_attr_family,
+ [NFCT_FILTER_DUMP_STATUS] = set_filter_dump_attr_status,
 };
 
 void __build_filter_dump(struct nfnlhdr *req, size_t size,
@@ -44,4 +55,10 @@ void __build_filter_dump(struct nfnlhdr *req, size_t size,
 struct nfgenmsg *nfg = NLMSG_DATA(&req->nlh);
 nfg->nfgen_family = filter_dump->l3num;
 }
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) {
+ nfnl_addattr32(&req->nlh, size, CTA_STATUS,
+ htonl(filter_dump->status.val));
+ nfnl_addattr32(&req->nlh, size, CTA_STATUS_MASK,
+ htonl(filter_dump->status.mask));
+ }
 }
|
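Review bot: `set_filter_dump_attr_status` in the first hunk reads `value` as a `struct nfct_filter_dump_mark`, and nothing in the hunk tells the caller that this is the type expected for NFCT_FILTER_DUMP_STATUS. A caller that passes a bare 32-bit status word would make the setter read past the end of that object, and the `const void *` interface cannot catch it at compile time. I would add a comment above the setter such as `/* value: struct nfct_filter_dump_mark; .val = status bits to match, .mask = bits compared */`. The same wording belongs in the public header next to the attribute's declaration, which is not visible here.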
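Review bot: Both `nfnl_addattr32()` calls in the new NFCT_FILTER_DUMP_STATUS branch of `__build_filter_dump` (third hunk) discard their return value. If `size` leaves no room, the request is sent without one or both attributes, so the kernel applies a different filter than the caller asked for and most likely returns more entries than intended. Because the function returns void, the least invasive step is a comment such as `/* caller must size req for all filter attributes; a dropped CTA_STATUS/CTA_STATUS_MASK widens the dump */`. Callers that use the filter as a monitoring or policy boundary should re-check the status bits on the returned entries, which also covers kernels that presumably ignore attributes they do not recognise. The function begins outside the hunk, so whether the earlier attributes are checked is not visible.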