* Conntrack table editing utility
@ 2005-07-28 16:13 ianabel
2005-07-31 18:47 ` /dev/rob0
2005-07-31 22:58 ` Philip Prudich
0 siblings, 2 replies; 5+ messages in thread
From: ianabel @ 2005-07-28 16:13 UTC (permalink / raw)
To: netfilter
Hi,
I've had a request to develop/find a utility that can selectively remove entries
from the conntrack table on linux 2.4. So if you changed where a tcp port dnats
to in iptables you could vape any existing conntrack entry relating to it and
any future packets will go to the new dnat target.
I'm mailing the list to find out if
a) Theres a blatant reason why this is a BAD THING to be thinking about doing.
b) See if a utility already exists
Thanks in advance for any help,
Yours,
Ian Abel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Conntrack table editing utility
2005-07-28 16:13 Conntrack table editing utility ianabel
@ 2005-07-31 18:47 ` /dev/rob0
2005-08-02 1:20 ` srg
2005-07-31 22:58 ` Philip Prudich
1 sibling, 1 reply; 5+ messages in thread
From: /dev/rob0 @ 2005-07-31 18:47 UTC (permalink / raw)
To: netfilter
ianabel@mxtelecom.com wrote:
> a) Theres a blatant reason why this is a BAD THING to be thinking about doing.
> b) See if a utility already exists
I don't know, but I'd sure like such a utility. Would a better approach
be to hack the kernel such that you could use echo/cat commands on the
table?
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Conntrack table editing utility
2005-07-31 18:47 ` /dev/rob0
@ 2005-08-02 1:20 ` srg
[not found] ` <42EF26C8.8090302@mnemon.de>
0 siblings, 1 reply; 5+ messages in thread
From: srg @ 2005-08-02 1:20 UTC (permalink / raw)
To: netfilter
there is a file (don't remember the name) under /proc that have all
contrack entries
/dev/rob0 wrote:
> ianabel@mxtelecom.com wrote:
>
>> a) Theres a blatant reason why this is a BAD THING to be thinking
>> about doing.
>> b) See if a utility already exists
>
>
> I don't know, but I'd sure like such a utility. Would a better
> approach be to hack the kernel such that you could use echo/cat
> commands on the table?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Conntrack table editing utility
2005-07-28 16:13 Conntrack table editing utility ianabel
2005-07-31 18:47 ` /dev/rob0
@ 2005-07-31 22:58 ` Philip Prudich
1 sibling, 0 replies; 5+ messages in thread
From: Philip Prudich @ 2005-07-31 22:58 UTC (permalink / raw)
To: ianabel; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 459 bytes --]
> b) See if a utility already exists
While not a finished "utility," you probably want to look into the
nfnetlink_conntrack patch for implementation. It provides the "delete
conntrack entry X" functionality, among other things. I had success using
this with a fedora core 1 release, 2.4.22 kernel (for doing a similar sort of
thing as you're working on). The nfnetlink_conntrack patch I used was version
0.13.
Hope this helps.
phil
[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-08-17 20:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-28 16:13 Conntrack table editing utility ianabel
2005-07-31 18:47 ` /dev/rob0
2005-08-02 1:20 ` srg
[not found] ` <42EF26C8.8090302@mnemon.de>
2005-08-17 20:48 ` Ray Van Dolson
2005-07-31 22:58 ` Philip Prudich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.