From: Vadim Kochan <[email protected]>
It seems to have been caused by specifying all netfilter groups
when flushing connections.
Use a separate nfct instance without netfilter groups to
flush ipv4/ipv6 connections.
More information is available in the GitHub issue:
https://github.com/netsniff-ng/netsniff-ng/issues/145
Signed-off-by: Vadim Kochan <[email protected]>
---
flowtop.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/flowtop.c b/flowtop.c
index 0927ff5..d2fac50 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -1044,9 +1044,22 @@ static int collector_cb(enum nf_conntrack_msg_type type,
return NFCT_CB_CONTINUE;
}
-static inline void collector_flush(struct nfct_handle *handle, uint8_t family)
+static inline void collector_flush(void)
{
- nfct_query(handle, NFCT_Q_FLUSH, &family);
+ struct nfct_handle *nfct = nfct_open(CONNTRACK, 0);
+ uint8_t family;
+
+ if (!nfct)
+ panic("Cannot create a nfct to flush connections: %s\n",
+ strerror(errno));
+
+ family = AF_INET;
+ nfct_query(nfct, NFCT_Q_FLUSH, &family);
+
+ family = AF_INET6;
+ nfct_query(nfct, NFCT_Q_FLUSH, &family);
+
+ nfct_close(nfct);
}
static void restore_sysctl(void *value)
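Review bot: Both `nfct_query(nfct, NFCT_Q_FLUSH, &family)` calls in the new `collector_flush()` discard their return value, so a failed flush goes unnoticed and the display may start with stale entries. The function already panics when `nfct_open()` fails, so the queries deserve the same care, for example `if (nfct_query(nfct, NFCT_Q_FLUSH, &family) < 0)` followed by a diagnostic that includes `strerror(errno)`. Whether the AF_INET6 failure should be fatal or only a warning is for the maintainers to decide, since a host without IPv6 connection tracking may presumably fail that query legitimately. I would also add a short comment above the function, such as `/* Flushes the kernel conntrack table for IPv4 and IPv6 via a private handle with no event groups. */`, because the flush appears to clear the kernel's shared table rather than flowtop-local state.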
@@ -1121,15 +1134,14 @@ static void *collector(void *null __maybe_unused)
struct pollfd poll_fd[1];
int ret;
+ collector_flush();
+
ct_event = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
NF_NETLINK_CONNTRACK_UPDATE |
NF_NETLINK_CONNTRACK_DESTROY);
if (!ct_event)
panic("Cannot create a nfct handle: %s\n", strerror(errno));
- collector_flush(ct_event, AF_INET);
- collector_flush(ct_event, AF_INET6);
-
filter = nfct_filter_create();
if (!filter)
panic("Cannot create a nfct filter: %s\n", strerror(errno));
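Review bot: `collector_flush()` now runs before `ct_event` is opened with the NEW/UPDATE/DESTROY groups, which leaves a short window between the flush and the subscription. A connection created in that window would presumably not produce a NEW event on `ct_event`. If later UPDATE events are enough to pick such flows up, a comment at the call site would record that the ordering is deliberate, e.g. `/* Flush via a separate group-less handle before subscribing; flows created in between are picked up on their next UPDATE. */`. If they are not enough, the alternative is to open `ct_event` first and keep the flush on its private handle. The body of `collector()` continues outside this hunk, so the handling of UPDATE for unknown flows could not be checked here.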
--
2.4.2