dump: support filtering by zone

based on a kernel side extension of the conntrack api, this patch brings this extension to userspace. When dumping the conntrack table we can now filter based on the conntrack zone directly in kernel space. If the kernel does not yet support this feature this filtering is ignored. Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Felix Huettner <felix.huettner@mail.schwarz> 2023-12-05 09:35:03 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-24 21:16:34 +0100
commit: 931dc2d4c9195ab50974ce8af1a14053f2ebdc84 (patch)
tree: e9b293569350ced9331be06ef1866c810d6f8087 /utils
parent: c70c6457b256434ef039eabef243098301df0ea1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/utils/conntrack_dump_filter.c b/utils/conntrack_dump_filter.c
index 41e3f0c..16492ac 100644
--- a/utils/conntrack_dump_filter.c
+++ b/utils/conntrack_dump_filter.c
@@ -40,6 +40,8 @@ int main(void)
 					&filter_dump_mark);
 	nfct_filter_dump_set_attr_u8(filter_dump, NFCT_FILTER_DUMP_L3NUM,
 					AF_INET);
+	nfct_filter_dump_set_attr_u16(filter_dump, NFCT_FILTER_DUMP_ZONE,
+					123);
 
 	nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
 	ret = nfct_query(h, NFCT_Q_DUMP_FILTER, filter_dump);
author	Felix Huettner <felix.huettner@mail.schwarz>	2023-12-05 09:35:03 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-24 21:16:34 +0100
commit	931dc2d4c9195ab50974ce8af1a14053f2ebdc84 (patch)
tree	e9b293569350ced9331be06ef1866c810d6f8087 /utils
parent	c70c6457b256434ef039eabef243098301df0ea1 (diff)