thom311 / libnl

Netlink Library Suite
GNU Lesser General Public License v2.1

Zero counter IPCTNL_MSG_CT_GET_CTRZERO while listing does not work #352

Closed richardle1988 closed 9 months ago

richardle1988 commented 1 year ago

I use the library and implemented a program to dump the conntrack info of the system, like the tool conntrack -L -z. The program works, but the conntrack counters are not cleared after dumping. Is there anything I was missing? I would appreciate it if anyone can help. Thanks.

  struct nl_cache *cache = NULL;

  /* Allocate a cache for conntrack objects. */
  if ((err = nl_cache_alloc_name("netfilter/ct", &cache)) < 0) {
    printf("nl_cache_alloc_name() failed: %s", nl_geterror(err));
    goto exit;
  }

  /* Request a dump using the get-and-zero-counters message type. */
  if ((err = nfnl_send_simple(sock, NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_CTRZERO,
                              NLM_F_DUMP, AF_UNSPEC, 0)) < 0) {
    printf("nfnl_send_simple() failed: %s", nl_geterror(err));
    goto exit;
  }

  /* Parse each valid reply message and add it to the cache. */
  if ((err = nl_socket_modify_cb(sock, NL_CB_VALID, NL_CB_CUSTOM,
           my_conntrack_to_parse_and_add_to_cache_cb, cache)) < 0) {
    printf("nl_socket_modify_cb() failed: %s", nl_geterror(err));
    goto exit;
  }

  /* Receive the dump replies. */
  if ((err = nl_recvmsgs_default(sock)) < 0) {
    printf("nl_recvmsgs_default() failed: %s", nl_geterror(err));
    goto exit;
  }

thom311 commented 1 year ago

I reply, since I am the maintainer. But I am not familiar with conntrack. Sorry, I don't know.

Maybe a more complete (working) reproducer would be helpful?

thom311 commented 9 months ago

It's not clear to me what to do about this issue. I think it's incomplete. Closing.

If you still want to address this, please comment and discuss more (we can reopen then). Thanks.