Use libmnl and libnetfilter_conntrack mnl helpers to delete the conntrack table entries.
Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@xxxxxxxxx>
---
 src/conntrack.c | 109 ++++++++++++++++++++++++++----------------------
 1 file changed, 60 insertions(+), 49 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 161e6a5..8cd760b 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -608,7 +608,7 @@ static const char usage_parameters[] =
 #define OPTION_OFFSET 256
-static struct nfct_handle *cth, *ith;
+static struct nfct_handle *cth;
 static struct option *opts = original_opts;
 static unsigned int global_option_offset = 0;
@@ -2036,46 +2036,6 @@ done:
 return NFCT_CB_CONTINUE;
 }
-static int delete_cb(enum nf_conntrack_msg_type type,
- struct nf_conntrack *ct,
- void *data)
-{
- unsigned int op_type = NFCT_O_DEFAULT;
- unsigned int op_flags = 0;
- struct ct_cmd *cmd = data;
- char buf[1024];
- int res;
-
- if (nfct_filter(cmd, ct, cur_tmpl))
- return NFCT_CB_CONTINUE;
-
- res = nfct_query(ith, NFCT_Q_DESTROY, ct);
- if (res < 0)
- exit_error(OTHER_PROBLEM,
- "Operation failed: %s",
- err2str(errno, CT_DELETE));
-
- if (output_mask & _O_SAVE) {
- ct_save_snprintf(buf, sizeof(buf), ct, labelmap, NFCT_T_DESTROY);
- goto done;
- }
-
- if (output_mask & _O_XML)
- op_type = NFCT_O_XML;
- if (output_mask & _O_EXT)
- op_flags = NFCT_OF_SHOW_LAYER3;
- if (output_mask & _O_ID)
- op_flags |= NFCT_OF_ID;
-
- nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
-done:
- printf("%s\n", buf);
-
- counter++;
-
- return NFCT_CB_CONTINUE;
-}
-
 static void copy_mark(const struct ct_cmd *cmd, struct nf_conntrack *tmp,
 const struct nf_conntrack *ct,
 const struct u32_mask *m)
@@ -2775,6 +2735,57 @@ destroy_ok:
 return MNL_CB_OK;
 }
+static int mnl_nfct_delete_cb(const struct nlmsghdr *nlh, void *data)
+{
+ unsigned int op_type = NFCT_O_DEFAULT;
+ unsigned int op_flags = 0;
+ struct ct_cmd *cmd = data;
+ char buf[1024];
+ int res;
+ struct nf_conntrack *ct;
+ struct nfct_mnl_socket *modifier_sock = &_modifier_sock;
+
+ ct = nfct_new();
+ if (ct == NULL)
+ return MNL_CB_OK;
+
+ nfct_nlmsg_parse(nlh, ct);
+
+ if (nfct_filter(cmd, ct, cur_tmpl))
+ goto destroy_ok;
+
+ res = nfct_mnl_set_ct(modifier_sock,
+ NFNL_SUBSYS_CTNETLINK,
+ IPCTNL_MSG_CT_DELETE,
+ ct);
+ if (res < 0)
+ exit_error(OTHER_PROBLEM,
+ "Operation failed: %s",
+ err2str(errno, CT_DELETE));
+
+ if (output_mask & _O_SAVE) {
+ ct_save_snprintf(buf, sizeof(buf), ct, labelmap, NFCT_T_DESTROY);
+ goto done;
+ }
+
+ if (output_mask & _O_XML)
+ op_type = NFCT_O_XML;
+ if (output_mask & _O_EXT)
+ op_flags = NFCT_OF_SHOW_LAYER3;
+ if (output_mask & _O_ID)
+ op_flags |= NFCT_OF_ID;
+
+ nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, op_type, op_flags);
+done:
+ printf("%s\n", buf);
+
+ counter++;
+
+destroy_ok:
+ nfct_destroy(ct);
+ return MNL_CB_OK;
+}
+
 static struct ctproto_handler *h;
 static void labelmap_init(void)
@@ -3447,15 +3458,12 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 break;
 case CT_DELETE:
- cth = nfct_open(CONNTRACK, 0);
- ith = nfct_open(CONNTRACK, 0);
- if (!cth || !ith)
+ if (nfct_mnl_socket_open(sock, 0) < 0
+ || nfct_mnl_socket_open(modifier_sock, 0) < 0)
 exit_error(OTHER_PROBLEM, "Can't open handler");
 nfct_filter_init(cmd);
- nfct_callback_register(cth, NFCT_T_ALL, delete_cb, cmd);
-
 filter_dump = nfct_filter_dump_create();
 if (filter_dump == NULL)
 exit_error(OTHER_PROBLEM, "OOM");
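Review bot: The return value of `nfct_nlmsg_parse(nlh, ct)` in mnl_nfct_delete_cb is ignored, so a message that fails to parse still goes through nfct_filter and the IPCTNL_MSG_CT_DELETE request with whatever was filled into `ct`; `if (nfct_nlmsg_parse(nlh, ct) < 0) goto destroy_ok;` keeps the delete tied to a fully parsed entry. The `nfct_new()` failure path a few lines above returns MNL_CB_OK silently, which skips that entry with no diagnostic and no change to `counter`, while this file otherwise exits with `exit_error(OTHER_PROBLEM, "OOM")` on allocation failure (see the filter_dump check in the following hunk); using the same call here keeps the behaviour consistent. Whether `errno` still reflects the failed nfct_mnl_set_ct when err2str formats it depends on that helper, which is outside this hunk.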
@@ -3469,12 +3477,15 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 NFCT_FILTER_DUMP_L3NUM,
 cmd->family);
- res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump);
+ res = nfct_mnl_dump(sock,
+ NFNL_SUBSYS_CTNETLINK,
+ IPCTNL_MSG_CT_GET,
+ mnl_nfct_delete_cb, cmd, filter_dump);
 nfct_filter_dump_destroy(filter_dump);
- nfct_close(ith);
- nfct_close(cth);
+ nfct_mnl_socket_close(modifier_sock);
+ nfct_mnl_socket_close(sock);
 break;
 case EXP_DELETE:
-- 
2.25.1
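Review bot: `res` from nfct_mnl_dump is not examined inside the hunk, and both nfct_mnl_socket_close calls run before do_command_ct gets to it; if the common `res < 0` handling after the switch formats `errno` through err2str, a failing close can have overwritten the errno the dump left behind and the reported reason would be the wrong one. Saving it around the close calls, `int saved_errno = errno;` before `nfct_mnl_socket_close(modifier_sock);` and `errno = saved_errno;` after `nfct_mnl_socket_close(sock);`, keeps the dump's failure reason intact. do_command_ct starts and ends outside this hunk, so where `res` is checked is inferred rather than visible.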