From 931dc2d4c9195ab50974ce8af1a14053f2ebdc84 Mon Sep 17 00:00:00 2001
From: Felix Huettner <felix.huettner@mail.schwarz>
Date: Tue, 5 Dec 2023 09:35:03 +0000
Subject: dump: support filtering by zone

based on a kernel side extension of the conntrack api, this patch brings
this extension to userspace.

When dumping the conntrack table we can now filter based on the
conntrack zone directly in kernel space. If the kernel does not yet
support this feature this filtering is ignored.

Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 utils/conntrack_dump_filter.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'utils')

diff --git a/utils/conntrack_dump_filter.c b/utils/conntrack_dump_filter.c
index 41e3f0c..16492ac 100644
--- a/utils/conntrack_dump_filter.c
+++ b/utils/conntrack_dump_filter.c
@@ -40,6 +40,8 @@ int main(void)
 					&filter_dump_mark);
 	nfct_filter_dump_set_attr_u8(filter_dump, NFCT_FILTER_DUMP_L3NUM,
 					AF_INET);
+	nfct_filter_dump_set_attr_u16(filter_dump, NFCT_FILTER_DUMP_ZONE,
+					123);
 
 	nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
 	ret = nfct_query(h, NFCT_Q_DUMP_FILTER, filter_dump);
-- 
cgit v1.2.3