From 59341681d3dcc3e17105261425b5f08ab954a948 Mon Sep 17 00:00:00 2001
From: Vadim Kochan
Date: Sat, 25 Jul 2015 19:09:39 +0300
Subject: flowtop: Fix collector stuck while flush IPv6 flows

Seems it was caused by specifying all netfilter groups when flushing connections. Used separated nfct instance w/o netfilter groups to flush ipv4/ipv6 connections. More info can be fetched from the issue item on github: https://github.com/netsniff-ng/netsniff-ng/issues/145

Signed-off-by: Vadim Kochan
Signed-off-by: Daniel Borkmann
---
 flowtop.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/flowtop.c b/flowtop.c
index 9b7e0dc..9d935e1 100644
--- a/flowtop.c
+++ b/flowtop.c
@@ -1044,9 +1044,22 @@ static int collector_cb(enum nf_conntrack_msg_type type,
 return NFCT_CB_CONTINUE;
 }
-static inline void collector_flush(struct nfct_handle *handle, uint8_t family)
+static inline void collector_flush(void)
 {
- nfct_query(handle, NFCT_Q_FLUSH, &family);
+ struct nfct_handle *nfct = nfct_open(CONNTRACK, 0);
+ uint8_t family;
+
+ if (!nfct)
+ panic("Cannot create a nfct to flush connections: %s\n",
+ strerror(errno));
+
+ family = AF_INET;
+ nfct_query(nfct, NFCT_Q_FLUSH, &family);
+
+ family = AF_INET6;
+ nfct_query(nfct, NFCT_Q_FLUSH, &family);
+
+ nfct_close(nfct);
 }
 static void restore_sysctl(void *value)
@@ -1121,15 +1134,14 @@ static void *collector(void *null __maybe_unused)
 struct pollfd poll_fd[1];
 int ret;
+ collector_flush();
+
 ct_event = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_UPDATE | NF_NETLINK_CONNTRACK_DESTROY);
 if (!ct_event)
 panic("Cannot create a nfct handle: %s\n", strerror(errno));
- collector_flush(ct_event, AF_INET);
- collector_flush(ct_event, AF_INET6);
-
 filter = nfct_filter_create();
 if (!filter)
 panic("Cannot create a nfct filter: %s\n", strerror(errno));
--
cgit v1.2.3-54-g00ecf
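Review bot: Both `nfct_query(nfct, NFCT_Q_FLUSH, &family)` calls in the rewritten `collector_flush()` ignore the return value, so a failed flush leaves old entries in place with no indication, while only the `nfct_open()` failure is reported. A check such as `if (nfct_query(nfct, NFCT_Q_FLUSH, &family) < 0) panic("Cannot flush IPv4 connections: %s\n", strerror(errno));` (and the same for AF_INET6, or a non-fatal message if a failing IPv6 flush should be tolerated) would make that visible. The function also deserves a header comment stating that it empties the kernel's conntrack table for both families, which discards state that stateful firewall and NAT rules depend on, e.g. `/* Flush all IPv4/IPv6 conntrack entries via a temporary handle without event groups. */`.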
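Review bot: The new `collector_flush();` call at the top of `collector()` has no comment saying why it must run before `ct_event` is opened, so the ordering is easy to undo in a later cleanup. Suggest `/* Flush through a separate group-less handle before subscribing; flushing on the event handle stalled the collector (issue #145). */` above the call. The reordering also means connections tracked between the flush and the `nfct_open()` subscription never produce a NEW event on `ct_event`; whether the callback copes with UPDATE or DESTROY for a flow it has not seen is not visible here and is worth confirming. `collector()` starts and ends outside this hunk.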