target/linux/generic/patches-3.9/604-netfilter_conntrack_flush.patch

   1 --- a/net/netfilter/nf_conntrack_standalone.c
   2 +++ b/net/netfilter/nf_conntrack_standalone.c
   3 @@ -267,10 +267,34 @@ static int ct_open(struct inode *inode,
   4                         sizeof(struct ct_iter_state));
   5  }
   6
   7 +static int kill_all(struct nf_conn *i, void *data)
   8 +{
   9 +    return 1;
  10 +}
  11 +
  12 +static ssize_t ct_file_write(struct file *file, const char __user *buf,
  13 +                            size_t count, loff_t *ppos)
  14 +{
  15 +       struct seq_file *seq = file->private_data;
  16 +       struct net *net = seq_file_net(seq);
  17 +
  18 +       if (count) {
  19 +               char c;
  20 +
  21 +               if (get_user(c, buf))
  22 +                       return -EFAULT;
  23 +
  24 +               if (c == 'f')
  25 +                       nf_ct_iterate_cleanup(net, kill_all, NULL);
  26 +       }
  27 +       return count;
  28 +}
  29 +
  30  static const struct file_operations ct_file_ops = {
  31         .owner   = THIS_MODULE,
  32         .open    = ct_open,
  33         .read    = seq_read,
  34 +       .write   = ct_file_write,
  35         .llseek  = seq_lseek,
  36         .release = seq_release_net,
  37  };
  38 @@ -372,7 +396,7 @@ static int nf_conntrack_standalone_init_
  39  {
  40         struct proc_dir_entry *pde;
  41
  42 -       pde = proc_create("nf_conntrack", 0440, net->proc_net, &ct_file_ops);
  43 +       pde = proc_create("nf_conntrack", 0660, net->proc_net, &ct_file_ops);
  44         if (!pde)
  45                 goto out_nf_conntrack;
  46