Henrik Nordstrom wrote:

  

    
I also don't understand the way ctinfo is calculate. This stuff...

403 <http://lxr.linux.no/source/net/ipv4/netfilter/ip_conntrack_core.c#L403>         *//* ctinfo is the index of the nfct inside the conntrack *//*
404 <http://lxr.linux.no/source/net/ipv4/netfilter/ip_conntrack_core.c#L404>         *ctinfo = nfct - ct->infos;
    

  

  

Neither do I.. but then I have never needed to care as ip_conntrack_get()  
and the conntrack core does a good job of hiding the magics in that area.. 
it is probably quite simple reasons behind this odd looking construct.

Regards
Henrik


  



Execuse me for the late response,for I thought my colleague would taken the
responsibility. As I think, just same as me, Pablo must be very interested
in learning netfilter ;)!



while a new ip_conntrack cache initiates, every member infos[i](nf_ct_info
structure) then be charged with the same address value pointing to the ip_conntrack
cache's begining address(it's the address of its first member nf_conntrack
structure naming ct_general also).



code reference:ip_conntrack_core.c ->init_conntrack ->

    for (i=0; i < IP_CT_NUMBER; i++)

        conntrack->infos[i].master = &conntrack->ct_general;



either the first packet which initiates the ip_conntrack initiation or any
subsequent packets belonging to this connection, after resolve_normal_ct,
will get its member pointer structure nf_ct_info naming nfct burned the address
pointing to the concerning infos[i](the i is right the ctinfo we figure out
during resolve_normal_ct, as you know, which indecates the relation this
packet with its belonging connection).



code reference:ip_conntrack_core.c ->resolve_normal_ct ->

skb->nfct = &h->ctrack->infos[*ctinfo];



ok! now with the address of info[i] the pskb get, we can figure out two things.First,
following the pointer to its address, with the value it keeps, we get  the
address of the ip_conntrack.Second,following the ip_conntrack we can get
the address of infos[0],then with infos[i]-infos[0](nfct-ct->infos),we
get the i, which is right the *ctinfo we wanna know! 



code reference:ip_conntrack_core.c ->__ip_conntrack_get ->

struct ip_conntrack *ct

        = (struct ip_conntrack *)nfct->master; -------------------------------------->first



    /* ctinfo is the index of the nfct inside the conntrack */

    *ctinfo = nfct - ct->infos;                          -------------------------------------->second



I don't know if this answer your question? if not, it's time to improve my
English expression ;)!