Pablo Neira Ayuso wrote:
> Phil Dibowitz wrote:
>> Another question - is there a way to get the nfct flags map outside of a
>> hook? I don't see a way to pull it down, but I could be missing it.
>
> Sorry, I don't understand what you mean.

Inside nfct there is a flags unsigned int that says stuff like "do you have counters enabled" and various other things. Is there a function I can call to get it?

For example - if a user requests display of byte/packet counters, I'd like to be able to check if support for that is in the kernel, if it's not, say so, throw a message about it, and then continue on rather than figure it out in a hook and try and save off some data about it so I can handle it later.

> BTW, I suggest you to have a look at new_api_test.c under utils/ to get
> a quick look on the new API. The old API is deprecated and will vanish
> sooner or later, new apps must use the new API.

Thanks for the heads up. ..and I just ported my app from /proc/net/ip_conntrack to libnetfilter-conntrack-0.0.30. Just so I know, do you plan any other major API changes soon?

Anyway... new_api_test.c does _test_ the API... the only thing I currently use in my app is

nfct_open()
nfct_register_callback()
nfct_dump_conntrack_table()
nfct_close()

and then in my hook I just go digging through the nfct_conntrack struct for the data I want. The struct appears the same. But instead of dump_conntrack, it looks like I'd call nfct_callback_register() with NFCT_ALL and then nfct_query with NFCT_Q_DUMP... or am I missing some other change here from a quick glance at the code?

Thanks again,
--
Phil Dibowitz phil@ipom.com
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it;
Never use 'sed' when 'tr' can do the job;
Never invoke 'tr' when 'cat' is sufficient;
Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming