diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-09 00:02:44 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-09 00:02:44 +0100 |
| commit | dd93edbbd09af4523dfe0f0c3c92f510daf223e8 (patch) | |
| tree | b9915186192e76327dd85f7f2a4204dbd71a9ea6 | |
| parent | 1f5834262c91d835414b538857b67e058a1c1dac (diff) | |
| download | conntrack-tools-dd93edbbd09af4523dfe0f0c3c92f510daf223e8.tar.gz conntrack-tools-dd93edbbd09af4523dfe0f0c3c92f510daf223e8.zip | |
src: recover conntrackd -F operation
This patch recovers the option -F for conntrackd. This will be
particularly useful to flush the kernel conntrack table without
getting the event notification of the conntrack deletions
(that will happen with Linux kernel >= 2.6.29).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | conntrackd.8 | 4 | ||||
| -rw-r--r-- | include/netlink.h | 1 | ||||
| -rw-r--r-- | src/netlink.c | 5 | ||||
| -rw-r--r-- | src/run.c | 8 |
4 files changed, 12 insertions, 6 deletions
diff --git a/conntrackd.8 b/conntrackd.8 index 769a0f1..2d7b228 100644 --- a/conntrackd.8 +++ b/conntrackd.8 @@ -37,6 +37,10 @@ with "-i" and "-e" parameters. .BI "-f " Flush the internal and the external cache .TP +.BI "-F " +Flush the kernel conntrack table (if you use a Linux kernel >= 2.6.29, this +option will not flush your internal and external cache). +.TP .BI "-k " Kill the daemon .TP diff --git a/include/netlink.h b/include/netlink.h index 52d2480..b44ef21 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -14,6 +14,7 @@ struct nfct_handle *nl_init_overrun_handler(void); int nl_overrun_request_resync(void); void nl_resize_socket_buffer(struct nfct_handle *h); int nl_dump_conntrack_table(void); +int nl_flush_conntrack_table(void); int nl_exist_conntrack(const struct nf_conntrack *ct); int nl_get_conntrack(const struct nf_conntrack *ct); int nl_create_conntrack(const struct nf_conntrack *ct); diff --git a/src/netlink.c b/src/netlink.c index 31cee61..9d155aa 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -148,6 +148,11 @@ int nl_dump_conntrack_table(void) return nfct_query(STATE(dump), NFCT_Q_DUMP, &CONFIG(family)); } +int nl_flush_conntrack_table(void) +{ + return nfct_query(STATE(request), NFCT_Q_FLUSH, &CONFIG(family)); +} + int nl_overrun_request_resync(void) { int family = CONFIG(family); @@ -78,12 +78,8 @@ void local_handler(int fd, void *data) switch(type) { case FLUSH_MASTER: - dlog(LOG_WARNING, "`conntrackd -F' is deprecated. " - "Use conntrack -F instead."); - if (fork() == 0) { - execlp("conntrack", "conntrack", "-F", NULL); - exit(EXIT_SUCCESS); - } + dlog(LOG_NOTICE, "flushing kernel conntrack table"); + nl_flush_conntrack_table(); return; case RESYNC_MASTER: dlog(LOG_NOTICE, "resync with master table"); |