From: Pablo Neira <pablo@eurodev.net>
To: "Daniel Corrêa de Azevedo" <nielca@linkexpress.com.br>,
"Netfilter Development Mailinglist"
<netfilter-devel@lists.netfilter.org>,
"Henrik Nordstrom" <hno@marasystems.com>
Subject: Re: /proc/net/ip_conntrack
Date: Wed, 30 Jun 2004 15:37:10 +0200
Message-ID: <40E2C206.1070302@eurodev.net>
In-Reply-To: <20040630130806.M61849@linkexpress.com.br>
Hi Daniel,
Daniel Corrêa de Azevedo wrote:
> I've just figured that out spending the whole night studying ip_conntrack source.
>
oh, welcome to the club. :-)
> Since I'm
>really starting with advanced programming, it took me some time to figure out that
>ip_conntrack matching works as a LKM (Loadable Kernel Module) and that to write to the
>/proc/net/ip_conntrack file, it should be a LKM too.
> Though, I still wonder if there is a solution to this problem.
>
sure, there is :-).
> I was thinking of LKMs and
>wondering if it is possible for one to write a LKM that interacts with the ip_conntrack LKM to
>write entries to /proc/net/ip_conntrack? Or even write directly to it?
>
>
that's a misconception, you can't write to /proc/net/ip_conntrack. As
Henrik pointed out, /proc/net/ip_conntrack is just an interface to give
you a snapshot of the current state of the conntrack table. As this
often gets people confused, actually the replication of the conntrack is
a problem a bit more complex than writing /proc/net/ip_conntrack.
Surely you can write a LKM which interacts with the ip_conntrack module,
but you'll also need to export some symbols to do so.
> I've just loaded ip_conntrack LKM indirectly by inserting a stateful rule to iptables and
>checked out what symbols it makes available.
>
check ip_conntrack_standalone.c to see the symbols exported by the conntrack
system.
> Anyway, what do you think about this? Does it sound like nonsense (I've just had my first
>contact with LKM...) or is it maybe possible?
>
>
you should forget your thoughts about the /proc interface and start
understanding some ip_conntrack internals to replicate the information to
some backup machines.
regards,
Pablo
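
Added example, not part of the original message or of the netfilter code: a userspace reader for the read-only snapshot the reply describes, splitting each entry into its original-direction and reply-direction tuples. The sample lines are constructed, and the text layout is assumed to be the classic ip_conntrack one (protocol name, protocol number, timeout, optional TCP state, key=value pairs, bracketed flags).

```python
import re

# Constructed sample in the /proc/net/ip_conntrack text layout; the
# addresses and ports are made up (documentation ranges).
SAMPLE = """\
tcp      6 431998 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=33000 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=33000 [ASSURED] use=1
udp      17 28 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")      # key=value fields
FLAG = re.compile(r"\[(\w+)\]")      # status flags such as [ASSURED]
TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_line(line):
    """Parse one snapshot line into a dict describing the tracked flow."""
    fields = line.split()
    # Only TCP entries carry a state name before the first key=value pair.
    fourth = fields[3]
    state = fourth if "=" not in fourth and not fourth.startswith("[") else None
    original, reply, other = {}, {}, {}
    for key, value in KV.findall(line):
        if key in TUPLE_KEYS:
            # First occurrence belongs to the original direction,
            # the second to the expected reply direction.
            (reply if key in original else original)[key] = value
        else:
            other[key] = value
    return {
        "proto": fields[0],
        "protonum": int(fields[1]),
        "timeout": int(fields[2]),   # seconds until the entry expires
        "state": state,
        "original": original,
        "reply": reply,
        "flags": FLAG.findall(line),
        "use": int(other.get("use", 0)),
    }

def parse_snapshot(text):
    """Parse a whole snapshot; the file is only ever opened for reading."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for entry in parse_snapshot(SAMPLE):
        print(entry["proto"], entry["state"], entry["original"], entry["reply"])
```
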