This allows not to deliver any event. This can be useful if you want no events for some protocols, for example: iptables -I PREROUTING -t raw -p udp -j CT --ctevents none Thus, no events for UDP traffic are delivered to user-space.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 extensions/libxt_CT.c | 6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 682dd83..e233902 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -68,7 +68,7 @@ static uint32_t ct_parse_events(const struct event_tbl *tbl, unsigned int size,
 strcpy(str, events);
 while ((t = strsep(&e, ","))) {
 for (i = 0; i < size; i++) {
- if (strcmp(t, tbl[i].name))
+ if (!strcmp(t, "none") || strcmp(t, tbl[i].name))
 continue;
 mask |= 1 << tbl[i].event;
 break;
@@ -87,6 +87,10 @@ static void ct_print_events(const char *pfx, const struct event_tbl *tbl,
 const char *sep = "";
 unsigned int i;
+ if (mask == 0) {
+ printf("none ");
+ return;
+ }
 printf("%s ", pfx);
 for (i = 0; i < size; i++) {
 if (mask & (1 << tbl[i].event)) {
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
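Review bot: The `none` test sits inside the per-entry `for` loop although it does not depend on `i`, so for a `none` token the loop walks the whole table and exits with `i == size` and nothing matched. The code after the loop is outside this hunk; if it reports unmatched tokens as an error, `--ctevents none` would be rejected rather than accepted, so that path needs checking. Handling the keyword before the loop makes the intent explicit: `if (!strcmp(t, "none")) continue;` placed just above the `for`. As written, a list such as `none,new` is also accepted and silently behaves as `new`; since this option switches off conntrack event delivery that monitoring and flow-logging tools may rely on, a mixed list is better refused than guessed at.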
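Review bot: The early return for `mask == 0` runs before `printf("%s ", pfx)`, so the listing shows a bare `none ` with no option name in front of it; `printf("%s none ", pfx);` would keep the output attributable to its option. Whether any caller passes a zero mask is not visible in this hunk, and a zero mask may also be what an unset option looks like, so it is worth confirming that `none` and "option not given" remain distinguishable when rules are listed or saved. That matters for audit, because a rule that suppresses event delivery should be clearly visible in a ruleset dump. The function starts and ends outside the hunk.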