@@ -1578,6 +1578,11 @@ nfct_filter_network_direction(const struct nf_conntrack *ct, enum ct_direction d
enum nf_conntrack_attr attr;
struct ct_network *net = &dir2network[dir];
+ if (family == AF_UNSPEC) {
+ exit_error(OTHER_PROBLEM,
+ "Internal Error: unspecified Family!");
+ }
+
if (nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO) != family)
return 1;
@@ -2433,6 +2438,10 @@ nfct_filter_init(const int family)
{
filter_family = family;
if (options & CT_OPT_MASK_SRC) {
+ if (family == AF_UNSPEC) {
+ exit_error(OTHER_PROBLEM,
+ "Internal Error: unspecified Family!");
+ }
if (!(options & CT_OPT_ORIG_SRC))
exit_error(PARAMETER_PROBLEM,
"Can't use --mask-src without --src");
@@ -2440,6 +2449,10 @@ nfct_filter_init(const int family)
}
if (options & CT_OPT_MASK_DST) {
+ if (family == AF_UNSPEC) {
+ exit_error(OTHER_PROBLEM,
+ "Internal Error: unspecified Family!");
+ }
if (!(options & CT_OPT_ORIG_DST))
exit_error(PARAMETER_PROBLEM,
"Can't use --mask-dst without --dst");
@@ -2894,7 +2907,9 @@ parse_opts:
}
/* default family */
- if (family == AF_UNSPEC)
+ if (family == AF_UNSPEC
+ && command != CT_LIST
+ && command != CT_DELETE)
family = AF_INET;
/* we cannot check this combination with generic_opt_check. */
@@ -2993,9 +3008,12 @@ parse_opts:
NFCT_FILTER_DUMP_MARK,
&tmpl.filter_mark_kernel);
}
- nfct_filter_dump_set_attr_u8(filter_dump,
- NFCT_FILTER_DUMP_L3NUM,
- family);
+
+ if (family != AF_UNSPEC) {
+ nfct_filter_dump_set_attr_u8(filter_dump,
+ NFCT_FILTER_DUMP_L3NUM,
+ family);
+ }
if (options & CT_OPT_ZERO)
res = nfct_query(cth, NFCT_Q_DUMP_FILTER_RESET,
@@ -3104,9 +3122,12 @@ parse_opts:
NFCT_FILTER_DUMP_MARK,
&tmpl.filter_mark_kernel);
}
- nfct_filter_dump_set_attr_u8(filter_dump,
- NFCT_FILTER_DUMP_L3NUM,
- family);
+
+ if (family != AF_UNSPEC) {
+ nfct_filter_dump_set_attr_u8(filter_dump,
+ NFCT_FILTER_DUMP_L3NUM,
+ family);
+ }
res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump);
Starting commit 2bcbae4c14b253176d7570e6f6acc56e521ceb5e conntrack -L as well as conntrack -D list/delete IPv4 entries only if no family is specified. Restore original behavior to list/delete both IPv4 and IPv6 entries if no family is specified. Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> --- src/conntrack.c | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-)