How do I use ip_conntrack_destroyed?

How do I use ip_conntrack_destroyed?

[Emmanuel Guiton]

Hei!

I am writing a new target module which needs to be aware about the 
number of conntracks that are currently known for a particular 
destination. Thus, to make my counter I wish to detect when a conntrack 
is destroyed. I have noticed the following in ip_conntrack.h :

/* Call me when a conntrack is destroyed. */
extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);

So I guess it particularly fits with my needs. But what about using it?

Is it that I have to write something like:
ip_conntrack_destroyed = &my_counter_function
in my ipt_xxxx_target function and then do my stuff in my_counter_funtcion?

Does it work like this?

              Emmanuel

How do I use ip_conntrack_destroyed?

[Emmanuel Guiton]

Hei!

I am writing a new target module which needs to be aware about the 
number of conntracks that are currently known for a particular 
destination. Thus, to make my counter I wish to detect when a conntrack 
is destroyed. I have noticed the following in ip_conntrack.h :

/* Call me when a conntrack is destroyed. */
extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);

So I guess it particularly fits with my needs. But what about using it?

Does it work so that I have to write something like:
ip_conntrack_destroyed = &my_counter_function
in my ipt_xxxx_target function and then do my stuff in my_counter_function?

Can anyone confirm/invalidate this, please?

             Emmanuel

Re: How do I use ip_conntrack_destroyed?

[KOVACS Krisztian]

   Hi,

Emmanuel Guiton wrote:
> /* Call me when a conntrack is destroyed. */
> extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
> 
> So I guess it particularly fits with my needs. But what about using it?
> 
> Does it work so that I have to write something like:
> ip_conntrack_destroyed = &my_counter_function
> in my ipt_xxxx_target function and then do my stuff in my_counter_function?

   The ip_conntrack_destroyed function pointer is actually an ugly hack so 
that NAT is able to clean up when a conntrack entry is destroyed. So, 
changing that pointer is not allowed if you're using NAT.

   I think you'd need the functionality of ctnetlink's notifier 
registration facility. See POM/extra.

-- 
   Regards,
     Krisztian KOVACS

Re: How do I use ip_conntrack_destroyed?

[Henrik Nordstrom]

On Wed, 3 Dec 2003, Emmanuel Guiton wrote:

> I am writing a new target module which needs to be aware about the 
> number of conntracks that are currently known for a particular 
> destination. Thus, to make my counter I wish to detect when a conntrack 
> is destroyed. I have noticed the following in ip_conntrack.h :
> 
> /* Call me when a conntrack is destroyed. */
> extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);

Unfortunately the comment is somewhat misleading.. while this is indeed
called when the ip conntrack is destroyed there is only one of this and it
is reserved for use by NAT. So if you use this then your target becomes 
mutually exclusive with the use of NAT which is maybe not what you want.

If you want to do this I think you should first extend
ip_conntrack_destroyed into a list of handlers with a suitable
registration functions to allow more than one module to register a 
"ip_conntrack_destroyed" function.

Regards
Henrik

Re: How do I use ip_conntrack_destroyed?

[KOVACS Krisztian]

   Hi,

Henrik Nordstrom wrote:
>>/* Call me when a conntrack is destroyed. */
>>extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
> 
> If you want to do this I think you should first extend
> ip_conntrack_destroyed into a list of handlers with a suitable
> registration functions to allow more than one module to register a 
> "ip_conntrack_destroyed" function.

   As I've mentioned, this is already done in the nfnetlink-ctnetlink patch.

-- 
   Regards,
     Krisztian KOVACS

Re: How do I use ip_conntrack_destroyed?

[Emmanuel Guiton]

Hi!

KOVACS Krisztian wrote:

>
>   Hi,
>
> Henrik Nordstrom wrote:
>
>>> /* Call me when a conntrack is destroyed. */
>>> extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
>>
>>
>> If you want to do this I think you should first extend
>> ip_conntrack_destroyed into a list of handlers with a suitable
>> registration functions to allow more than one module to register a 
>> "ip_conntrack_destroyed" function.
>
>
>   As I've mentioned, this is already done in the nfnetlink-ctnetlink 
> patch.
>
Thanks, it seems to be what I need.

Then, if I'm correct, I should register a function in my module as follows:

static struct ip_conntrack_notify ctnl_notify = { { NULL, NULL },
                        my_function_destroy,
                        NULL };

But where is "struct ip_conntrack_notify" defined?
I found the following code in a patch using google. It seems to be a 
modification of ip_conntrack.h, but my ip_conntrack.h file does not 
include these lines. And it's not in the nfnetlink patch neither. Is 
there any other patch that I should install?

-/* These are for NAT.  Icky. */
-/* Call me when a conntrack is destroyed. */
-extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
+/* This is for the ip_conntrack_notify facilities. */
+struct ip_conntrack_notify
+{
+        /* Internal use. */
+        struct list_head list;
+
+	void (*destroyed)(struct ip_conntrack *conntrack);
+        void (*created)(struct ip_conntrack *conntrack,
+                enum ip_conntrack_info info,
+                const struct net_device *in, 
+		const struct net_device *out);
+};
+
+extern int ip_conntrack_notify_register(struct ip_conntrack_notify *nb);
+extern int ip_conntrack_notify_unregister(struct ip_conntrack_notify *nb);


           Emmanuel

Re: How do I use ip_conntrack_destroyed?

[KOVACS Krisztian]

   Hi,

Emmanuel Guiton wrote:
> static struct ip_conntrack_notify ctnl_notify = { { NULL, NULL },
>                        my_function_destroy,
>                        NULL };
> 
> But where is "struct ip_conntrack_notify" defined?
> I found the following code in a patch using google. It seems to be a 
> modification of ip_conntrack.h, but my ip_conntrack.h file does not 
> include these lines. And it's not in the nfnetlink patch neither. Is 
> there any other patch that I should install?

   This was the case for an older version of nfnetlink. With 
nfnetlink-ctnetlink 0.13 you should use

static struct notifier_block my_notifier = {
	my_notifier_function,
	NULL,
	0
};

   For more info see that patch, it actually _uses_ notifiers to be able 
to catch conntrack entry related events. Note that this interface is much 
more universal, for example you can catch events when a conntrack entry is 
modified, etc. Good luck :)

-- 
   Regards,
     Krisztian KOVACS

Re: How do I use ip_conntrack_destroyed?

[Emmanuel Guiton]

Hi!

>
>   This was the case for an older version of nfnetlink. With 
> nfnetlink-ctnetlink 0.13 you should use 

Thanks, I was using the 0.11 from the last released version of pom.

>  Good luck :)
>
Why do I feel bad when you say that? :)

          Emmanuel

Re: How do I use ip_conntrack_destroyed?

[Emmanuel Guiton]

KOVACS Krisztian wrote:

>   This was the case for an older version of nfnetlink. With 
> nfnetlink-ctnetlink 0.13 you should use
>
> static struct notifier_block my_notifier = {
>     my_notifier_function,
>     NULL,
>     0
> };
>
>   For more info see that patch, it actually _uses_ notifiers to be 
> able to catch conntrack entry related events. Note that this interface 
> is much more universal, for example you can catch events when a 
> conntrack entry is modified, etc. Good luck :)
>

About this patch, I cannot install it. I started over from a clean linux 
2.4.22 kernel and applied the patches. First I used ./runme base and 
applied everything I could. then I used ./runme extra and in the extra 
patches I only tried to apply the nfnetlinc patch (thus I did not 
install the two conflicting patches - ctstat and netfilter-docbook). 
Still, it does not work. Is there any other required/conflicted patch 
that I am not aware of?


             Emmanuel

PS: for information, the output of pom:


Testing... nfnetlink-ctnetlink-0.13.patch NOT APPLIED (4 missing files)
The extra/nfnetlink-ctnetlink-0.13 patch:
   Author: Harald Welte <laforge@gnumonks.org>, Jay Schulist 
<jschlst@samba.org>,
   Patrick McHardy <kaber@trash.net>
   Status: Under development, but stabilizing now.
  
   Add recent work by patrick (notifiers, event messages to userspace.
  
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Patch extra/nfnetlink-ctnetlink-0.13.patch conflicts with 
extra/netfilter-docbook.patch...
netfilter-docbook.patch NOT APPLIED (33 rejects out of 33 hunks)
Patch extra/nfnetlink-ctnetlink-0.13.patch conflicts with 
extra/ctstat.patch...
ctstat.patch NOT APPLIED (15 rejects out of 15 hunks)
Testing patch extra/nfnetlink-ctnetlink-0.13.patch...
   Placed new Config.in line
   Placed new Config.in line
   Placed new Makefile line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
   Placed new ip_conntrack.h line
Failed to patch copy of /usr/src/linux-2.4.22
TEST FAILED: patch NOT applied.