From 27f09380ebb0fc21c4cd20070b828a27430b5de1 Mon Sep 17 00:00:00 2001
From: Felix Huettner
Date: Tue, 5 Dec 2023 09:35:16 +0000
Subject: conntrack: support flush filtering

flushing already supports filtering on the kernel side for value like mark, l3num or zone. This patch extends the userspace code to also support this. To reduce code duplication the `nfct_filter_dump` struct and associated logic is reused. Note that filtering by tuple is not supported, since `CTA_FILTER` is not yet supported on the kernel side for flushing. Trying to use it returns ENOTSUP.

Signed-off-by: Felix Huettner
Signed-off-by: Pablo Neira Ayuso
---
 include/internal/prototypes.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include')

diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 5e935f0..82a3f29 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -36,6 +36,7 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
 int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
 int __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+int __build_filter_flush(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
 int nfct_build_tuple(struct nlmsghdr *nlh, const struct __nfct_tuple *t, int type);
 int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int dir, uint32_t *set);
-- cgit v1.2.3
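Review bot: The new `__build_filter_flush` prototype carries none of the contract the commit message establishes — that a tuple filter is rejected with ENOTSUP because the kernel does not accept `CTA_FILTER` on flush — so a reader of prototypes.h will assume it accepts every `struct nfct_filter_dump` that `__build_filter_dump` does. Since this internal header is the only declaration the callers see, a comment above the added line would be worth it: `/* Flush variant of __build_filter_dump: fills req (at most size bytes) from filter_dump. Tuple filtering is not supported on flush (no CTA_FILTER in the kernel); the implementation is expected to fail with ENOTSUP when a tuple filter is set. */`. The definition lives in a .c file outside this diff (the page is limited to 'include'), so whether it bounds its writes by `size` the way the dump builder presumably does cannot be confirmed here; the same bounded-size contract should hold since both take `req` and `size` as the output buffer.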