* Polling for conntrack events
From: Morgon J. Kanter @ 2010-04-26 15:20 UTC (permalink / raw)
To: netfilter
Hi,
I'm developing an application that uses libnetfilter_conntrack to note when
connections start and end as part of what it does. So far what I've been able to do
just fine is use nfct_filter with nfct_catch and have a function called
whenever the appropriately filtered conntrack events happen. This works well,
but my program doesn't *just* look for conntrack events and act on them. To
keep it single-threaded what I'd like to do is just be able to poll for
conntrack events, with poll() or select() or whatever.
What I attempted was extracting the netlink fd with the filter applied, and
running select() on a set containing just that, and then using nfct_query().
This didn't work at all though -- when filtered conntrack events do happen,
apparently nothing is pushed down that file descriptor. Is there any way to do
what I want? I didn't see anything that was using this sort of functionality
in the utils directory.
Thanks,
-- Morgon
* Re: Polling for conntrack events
From: Pablo Neira Ayuso @ 2010-04-27 18:11 UTC (permalink / raw)
To: Morgon J. Kanter; +Cc: netfilter
Morgon J. Kanter wrote:
> Hi,
>
> I'm developing an application that uses libnetfilter_conntrack to note when
> connections start and end as part of what it does. So far what I've been able to do
> just fine is use nfct_filter with nfct_catch and have a function called
> whenever the appropriately filtered conntrack events happen. This works well,
> but my program doesn't *just* look for conntrack events and act on them. To
> keep it single-threaded what I'd like to do is just be able to poll for
> conntrack events, with poll() or select() or whatever.
IIRC, you can use nfct_fd() to get the netlink file descriptor.
> What I attempted was extracting the netlink fd with the filter applied, and
> running select() on a set containing just that, and then using nfct_query().
nfct_query() is not of any use to listen to events.
> This didn't work at all though -- when filtered conntrack events do happen,
> apparently nothing is pushed down that file descriptor. Is there any way to do
> what I want? I didn't see anything that was using this sort of functionality
> in the utils directory.
You can look at the conntrack-tools, specifically conntrackd, it does
more or less what you seem to need.
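The loop Pablo describes, as an added example that is not part of the thread and not code from libnetfilter_conntrack or conntrackd: the program takes the netlink file descriptor, puts it in a poll() set next to any other descriptor it cares about, and reads conntrack events only when poll() reports that descriptor readable, so the rest of the program is never blocked behind nfct_catch(). To build without the library, the example subscribes to the conntrack multicast groups over a raw NETLINK_NETFILTER socket, which is the same socket nfct_open() creates and nfct_fd() returns; with the library you would replace open_conntrack_event_fd() by nfct_open()/nfct_fd() and the recv-plus-classify step by nfct_catch(), which invokes the callback registered with nfct_callback_register(). The event classification (a CT_NEW message carrying NLM_F_CREATE|NLM_F_EXCL is a new flow, CT_NEW without those flags a state update, CT_DELETE a destroyed flow) is the rule nfct_catch() applies when it reports NFCT_T_NEW, NFCT_T_UPDATE and NFCT_T_DESTROY. All function names are this example's own. The live subscription needs CAP_NET_ADMIN; without it main() falls back to an offline run that pushes three constructed events (netlink header plus nfgenmsg, no CTA_* attributes) through a socketpair standing in for the netlink socket.

```c
/* Added example, not from the thread: single-threaded loop that poll()s the conntrack
 * netlink fd beside another fd and reads it only when readable. Raw NETLINK_NETFILTER
 * is used so it builds without libnetfilter_conntrack; with the library, nfct_fd()
 * supplies the fd and nfct_catch() replaces the recv+classify step. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nfnetlink_conntrack.h>

struct ct_counts { unsigned created, updated, destroyed, other; };

/* Subscribe to the NEW/UPDATE/DESTROY groups, as nfct_open() does internally
 * (needs CAP_NET_ADMIN). Returns the fd, or -1. */
int open_conntrack_event_fd(void)
{
    struct sockaddr_nl snl = { .nl_family = AF_NETLINK };
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    snl.nl_groups = (1u << (NFNLGRP_CONNTRACK_NEW - 1)) |
                    (1u << (NFNLGRP_CONNTRACK_UPDATE - 1)) |
                    (1u << (NFNLGRP_CONNTRACK_DESTROY - 1));
    if (fd >= 0 && bind(fd, (struct sockaddr *)&snl, sizeof snl) < 0) { close(fd); return -1; }
    return fd;
}

/* Classify a batch the way nfct_catch() does: CT_NEW with NLM_F_CREATE|NLM_F_EXCL
 * is a new flow, CT_NEW without them an update, CT_DELETE a destroyed flow.
 * Returns messages seen, or -1 if the kernel answered with NLMSG_ERROR. */
int classify_conntrack_batch(const void *buf, size_t len, struct ct_counts *c)
{
    const struct nlmsghdr *nlh = buf;
    int n = 0;
    for (; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len), n++) {
        if (nlh->nlmsg_type == NLMSG_ERROR) return -1;
        if (NFNL_SUBSYS_ID(nlh->nlmsg_type) != NFNL_SUBSYS_CTNETLINK) c->other++;
        else if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_DELETE) c->destroyed++;
        else if (NFNL_MSG_TYPE(nlh->nlmsg_type) != IPCTNL_MSG_CT_NEW) c->other++;
        else if (nlh->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL)) c->created++;
        else c->updated++;
    }
    return n;
}

/* One turn of the loop: the conntrack fd plus one other fd (-1 to ignore it).
 * Returns conntrack messages handled (0 on timeout) or -1 (ENOBUFS here means
 * the socket overflowed and events were lost); *other_ready flags the second fd.
 * The recv runs only after poll() reported POLLIN, so it never stalls the program. */
int poll_once(int ct_fd, int other_fd, int timeout_ms, struct ct_counts *c,
              int *other_ready)
{
    struct pollfd pfd[2] = { { .fd = ct_fd, .events = POLLIN },
                             { .fd = other_fd, .events = POLLIN } };
    char buf[8192] __attribute__((aligned(NLMSG_ALIGNTO)));
    int ready = poll(pfd, 2, timeout_ms);
    *other_ready = ready > 0 && (pfd[1].revents & POLLIN);
    if (ready <= 0 || !(pfd[0].revents & POLLIN)) return ready < 0 ? -1 : 0;
    ssize_t r = recv(ct_fd, buf, sizeof buf, MSG_DONTWAIT);
    if (r < 0) return errno == EAGAIN ? 0 : -1;
    return classify_conntrack_batch(buf, (size_t)r, c);
}

struct ct_counts demo_counts;
/* Offline run: three constructed events (header + nfgenmsg, no CTA_* attributes)
 * sent over a socketpair standing in for the netlink socket; no privilege needed. */
int run_offline_demo(void)
{
    static const unsigned types[3] = { IPCTNL_MSG_CT_NEW, IPCTNL_MSG_CT_NEW, IPCTNL_MSG_CT_DELETE };
    static const unsigned flags[3] = { NLM_F_CREATE | NLM_F_EXCL, 0, 0 }; /* new, update, destroy */
    char msg[3 * NLMSG_SPACE(sizeof(struct nfgenmsg))] __attribute__((aligned(NLMSG_ALIGNTO)));
    int sv[2], other = 0, rc = -1;
    memset(msg, 0, sizeof msg);
    for (int i = 0; i < 3; i++) {
        struct nlmsghdr *nlh = (struct nlmsghdr *)(msg + i * NLMSG_SPACE(sizeof(struct nfgenmsg)));
        nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nfgenmsg));
        nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | types[i];
        nlh->nlmsg_flags = flags[i];
    }
    memset(&demo_counts, 0, sizeof demo_counts);
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    if (send(sv[1], msg, sizeof msg, 0) == (ssize_t)sizeof msg)
        rc = poll_once(sv[0], -1, 1000, &demo_counts, &other);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct ct_counts c = { 0, 0, 0, 0 };
    int other = 0, ct_fd = open_conntrack_event_fd();
    if (ct_fd < 0)   /* no CAP_NET_ADMIN: run the constructed batch instead */
        return run_offline_demo() == 3 ? 0 : 1;
    while (!other && poll_once(ct_fd, STDIN_FILENO, 1000, &c, &other) >= 0)
        printf("new=%u update=%u destroy=%u\n", c.created, c.updated, c.destroyed);
    return close(ct_fd);   /* a line (or EOF) on stdin ends the loop */
}
```

Build with `cc -o ctpoll ctpoll.c` and run it as root to watch live counters; unprivileged it exits after the offline batch, which yields one created, one updated and one destroyed flow. The structure is the point: nfct_query() issues requests (dumps, gets) and waits for their answers, so it never delivers subscribed events; events arrive asynchronously on the socket from nfct_fd(), and the only thing the loop must guarantee is that it reads that socket promptly once poll() says there is data, because a socket left unread overflows and the kernel drops events (ENOBUFS).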
* Re: Polling for conntrack events
From: Eric Leblond @ 2010-04-28 8:03 UTC (permalink / raw)
To: Morgon J. Kanter; +Cc: netfilter
Hi,
On Tuesday 27 April 2010 at 20:11 +0200, Pablo Neira Ayuso wrote:
> Morgon J. Kanter wrote:
> > Hi,
> >
> > I'm developing an application that uses libnetfilter_conntrack to note when
> > connections start and end as part of what it does. So far what I've been able to do
> > just fine is use nfct_filter with nfct_catch and have a function called
> > whenever the appropriately filtered conntrack events happen. This works well,
> > but my program doesn't *just* look for conntrack events and act on them. To
> > keep it single-threaded what I'd like to do is just be able to poll for
> > conntrack events, with poll() or select() or whatever.
>
> IIRC, you can use nfct_fd() to get the netlink file descriptor.
>
> > What I attempted was extracting the netlink fd with the filter applied, and
> > running select() on a set containing just that, and then using nfct_query().
>
> nfct_query() is not of any use to listen to events.
>
> > This didn't work at all though -- when filtered conntrack events do happen,
> > apparently nothing is pushed down that file descriptor. Is there any way to do
> > what I want? I didn't see anything that was using this sort of functionality
> > in the utils directory.
>
> You can look at the conntrack-tools, specifically conntrackd, it does
> more or less what you seem to need.
Or have a look at ulogd2 NFCT input plugin. By the way, ulogd2 may be a
good starting point for your application...
See the following URL for the code:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=blob;f=input/flow/ulogd_inpflow_NFCT.c
BR,
--
Éric Leblond, eleblond@edenwall.com
Telephone: +33 1 40 24 65 04, Fax: +33 9 57 21 48 75
EdenWall, http://www.edenwall.com