netfilter: conntrack: add nf_ct_iterate_destroy
author Florian Westphal <fw@strlen.de>
Sun, 21 May 2017 10:52:57 +0000 (12:52 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 29 May 2017 10:46:10 +0000 (12:46 +0200)
commit 2843fb69980b84dfa939733c91dceae533aa89e9
tree 80efc8446362851d478a9d421991d7f2f0b7effd
parent b0feacaad13a0aa9657c37ed80991575981e2e3b
netfilter: conntrack: add nf_ct_iterate_destroy

sledgehammer to be used on module unload (to remove affected conntracks
from all namespaces).

It will also flag all unconfirmed conntracks as dying, i.e. they will
not be committed to main table.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c