authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-07-31 10:25:05 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-07-31 10:25:05 -0700
commit0048c67d414381245942cd83410006d1dfea9c75 (patch)
tree0ed994a182a5c6d9db987fa0850636131081455e /src/netlink.c
parent8be58fa3856eb4f296a7166fd9b2b17b1bc5d40c (diff)
fixing 8243: fix will selectively flush the conntrack table on master, ignoring ignored addresses during flush
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c37
1 files changed, 35 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c
index fe979e3..bd38d99 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -151,9 +151,42 @@ int nl_dump_conntrack_table(struct nfct_handle *h)
return nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
}
-int nl_flush_conntrack_table(struct nfct_handle *h)
+static int
+nl_flush_selective_cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct, void *data)
{
- return nfct_query(h, NFCT_Q_FLUSH, &CONFIG(family));
+ /* don't delete this conntrack, it's in the ignore filter */
+ if (ct_filter_conntrack(ct, 1))
+ return NFCT_CB_CONTINUE;
+
+ switch(type) {
+ case NFCT_T_UPDATE:
+ nl_destroy_conntrack(STATE(flush), ct);
+ break;
+ default:
+ STATE(stats).nl_dump_unknown_type++;
+ break;
+ }
+ return NFCT_CB_CONTINUE;
+}
+
+int nl_flush_conntrack_table_selective(void)
+{
+ struct nfct_handle *h;
+ int ret;
+
+ h = nfct_open(CONNTRACK, 0);
+ if (h == NULL) {
+ dlog(LOG_ERR, "cannot open handle");
+ return -1;
+ }
+ nfct_callback_register(h, NFCT_T_ALL, nl_flush_selective_cb, NULL);
+
+ ret = nfct_query(h, NFCT_Q_DUMP, &CONFIG(family));
+
+ nfct_close(h);
+
+ return ret;
}
int nl_send_resync(struct nfct_handle *h)
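Review bot: The result of `nl_destroy_conntrack(STATE(flush), ct)` in `nl_flush_selective_cb` is discarded, so `nl_flush_conntrack_table_selective()` returns only the status of the dump and can report success while entries that should have been removed are still in the table. For a flush on the master node that presumably matters, because any state left behind stays live in the kernel table with nothing in the log to show it. Assuming the helper follows the `nfct_query` convention of returning -1 with `errno` set (and that `errno`/`strerror` are already available in this file), I would log unexpected failures and tolerate only an entry that expired between dump and delete: `if (nl_destroy_conntrack(STATE(flush), ct) == -1 && errno != ENOENT) dlog(LOG_ERR, "selective flush: destroy failed: %s", strerror(errno));`. The literal `1` passed to `ct_filter_conntrack` also deserves a short comment, since its meaning is not visible in this hunk.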