This option was already silently allowed by 991fc4ae,
but didn't have any effect.
This patch adds the check and documents it.
Cc: Clemence Faure <clemence.faure@xxxxxxxxxx>
Signed-off-by: Asbjørn Sloth Tønnesen <ast@xxxxxxxxxx>
---
Notes:
I tried to create a test case, as well but I didn't
seam to be able to get --label-add to work with
create.
conntrack.8 | 2 +-
src/conntrack.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/conntrack.8 b/conntrack.8
index a981a76..970c2d7 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -146,7 +146,7 @@ In "\-\-create" mode, the mask is ignored.
.TP
.BI "-l, --label " "LABEL"
Specify a conntrack label.
-This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", or "\-U \-\-update".
+This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", "\-U \-\-update" or "\-D \-\-delete".
Match entries whose labels match at least those specified.
Use multiple \-l commands to specify multiple labels that need to be set.
Match entries whose labels matches at least those specified as arguments.
diff --git a/src/conntrack.c b/src/conntrack.c
index 45b8822..b5a0a13 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1355,6 +1355,9 @@ static int delete_cb(enum nf_conntrack_msg_type type,
if (filter_mark(ct))
return NFCT_CB_CONTINUE;
+ if (filter_label(ct))
+ return NFCT_CB_CONTINUE;
+
if (options & CT_COMPARISON &&
!nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))
return NFCT_CB_CONTINUE;
--
2.6.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
