[PATCH 6/7] add support for zeroing counters at getting
Pablo Neira
pablo at netfilter.org
Fri Nov 4 19:00:42 CET 2005
Add support to zero counters conntrack at getting. Currently we can zero
all the conntracks via zero and dump, but it could be useful more fine
grain zeroing.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
-------------- next part --------------
Add support to zero counters conntrack at getting. Currently we can zero all
the conntracks via zero and dump, but it could be useful more fine grain
zeroing.
Signed-by-off: Pablo Neira Ayuso <pablo at netfilter.org>
Index: net-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c
===================================================================
--- net-2.6.git.orig/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-11-04 18:11:06.000000000 +0100
+++ net-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-11-04 18:30:59.000000000 +0100
@@ -788,6 +788,12 @@ ctnetlink_get_conntrack(struct sock *ctn
err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq,
IPCTNL_MSG_CT_NEW, 1, ct);
+
+#ifdef CONFIG_IP_NF_CT_ACCT
+ if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO)
+ memset(&ct->counters, 0, sizeof(ct->counters));
+#endif
+
ip_conntrack_put(ct);
if (err <= 0)
goto free;
More information about the netfilter-devel
mailing list