From: Thomas Mader <thezema@gmail.com>
To: netfilter-devel@lists.netfilter.org
Subject: remove connections notification by conntrack?
Date: Fri, 22 Sep 2006 13:59:14 +0200
Message-ID: <200609221359.22676.thezema@gmail.com>

Hello,

We wrote a netfilter module which is using conntrack to distinguish different
connections. We only need this for UDP "connections" and we use the following
functions from conntrack to achieve that.

    /* protocol helper for this packet's IP protocol */
    proto = ip_conntrack_proto_find_get(skb->nh.iph->protocol);
    /* build the conntrack tuple from the packet headers */
    if (ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, &tuple, proto)) {
            /* look up the conntrack entry matching that tuple */
            h = ip_conntrack_find_get(&tuple, NULL);
            ....
    }

We use the connection IDs of conntrack to distinguish between the connections
within a list.

The problem we are having is that we also need to delete entries from that
list if a connection is going to be removed, but we didn't find a proper
solution to that.

We tried to define a function for ip_conntrack_destroyed, but this doesn't seem
to be called properly, because when a UDP connection is removed
from /proc/net/ip_conntrack the function will not be called. Nevertheless, the
function is called, but with connection IDs unknown to us and at strange
times.

This method also doesn't seem to be a good solution because NAT seems to be
using it, and this would mean we would run into trouble if our module is running
while NAT is running too.

We also tried the notifier system of conntrack by registering with it.
(ip_conntrack_register_notifier(&nb);)
But this doesn't seem to give us the needed information.

Now the question for us is whether we can somehow implement a nice solution for
this.
Does somebody know of such a solution?

Best regards,
Thomas Mader