This option was already silently allowed by 991fc4ae, but didn't have any effect.
This patch adds the check and documents it. Cc: Clemence Faure <[email protected]> Signed-off-by: Asbjørn Sloth Tønnesen <[email protected]> --- Notes: I tried to create a test case, as well but I didn't seam to be able to get --label-add to work with create. conntrack.8 | 2 +- src/conntrack.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/conntrack.8 b/conntrack.8 index a981a76..970c2d7 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -146,7 +146,7 @@ In "\-\-create" mode, the mask is ignored. .TP .BI "-l, --label " "LABEL" Specify a conntrack label. -This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", or "\-U \-\-update". +This option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", "\-U \-\-update" or "\-D \-\-delete". Match entries whose labels match at least those specified. Use multiple \-l commands to specify multiple labels that need to be set. Match entries whose labels matches at least those specified as arguments. diff --git a/src/conntrack.c b/src/conntrack.c index 45b8822..b5a0a13 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1355,6 +1355,9 @@ static int delete_cb(enum nf_conntrack_msg_type type, if (filter_mark(ct)) return NFCT_CB_CONTINUE; + if (filter_label(ct)) + return NFCT_CB_CONTINUE; + if (options & CT_COMPARISON && !nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) return NFCT_CB_CONTINUE; -- 2.6.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
