adding data fields to netfilter_conntrack / conntrack events

adding data fields to netfilter_conntrack / conntrack events

[Stuart Zilm]

I'm trying to add some more data to that which gets passed across the  
netlink socket for conntrack events, but can't seem to get the data  
from the kernel to arrive in userspace.

I've added the following to net/ipv4/netfilter/ip_conntrack_netlink.c:

static inline int
ctnetlink_dump_foo(struct sk_buff *skb, const struct ip_conntrack *ct)
{
	char dummy[sizeof(struct timeval)] = {0xde, 0xad, 0xde, 0xad, 0xde,  
0xad, 0xde, 0xad};

	NFA_PUT(skb, CTA_FOO, sizeof(struct timeval), dummy);
	
	return 0;

nfattr_failure:
         printk("<6>ctnetlink_dump_foo: nfattr_failure\n");
         return -1;
}

// note that CTA_FOO = 13

and ensured it is called within ctnetlink_conntrack_event(...).  A  
raw dump of the skb to be send over the netlink socket confirms the  
magic number at the end of the packet.

However, on the userspace side (conntrack-1.00beta1,  
libnetfilter_conntrack-0.0.30, libnfnetlink-0.0.14), the data does  
not seem to arrive correctly.  Calling nfnl_dump_packet(...) on the  
nlmsghdr within nfnl_listen(...) in libnfnetlink.c indicates that the  
payload should contain the data:
...
nfa@0xbfdfa9c4: nfa_type=13, nfa_len=12
...

but there are only zeroes where the magic number should be!

Can anyone help me to understand why this data is not traversing the  
netlink socket intact from kernel space to user space?
Thank you for any assistance,

Stuart Zilm
PresiNET Systems

Re: adding data fields to netfilter_conntrack / conntrack events

[Jarek Poplawski]

On 23-08-2006 00:41, Stuart Zilm wrote:
> I'm trying to add some more data to that which gets passed across the 
> netlink socket for conntrack events, but can't seem to get the data from 
> the kernel to arrive in userspace.
> 
> I've added the following to net/ipv4/netfilter/ip_conntrack_netlink.c:
> 
> static inline int
> ctnetlink_dump_foo(struct sk_buff *skb, const struct ip_conntrack *ct)
> {
>     char dummy[sizeof(struct timeval)] = {0xde, 0xad, 0xde, 0xad, 0xde, 
> 0xad, 0xde, 0xad};
> 
>     NFA_PUT(skb, CTA_FOO, sizeof(struct timeval), dummy);
>     
>     return 0;
> 
> nfattr_failure:
>         printk("<6>ctnetlink_dump_foo: nfattr_failure\n");
>         return -1;
> }
> 
> // note that CTA_FOO = 13

I didn't check this but: did you see this change status 
function's processing with CTA_NAT_DST (13)?

Jarek P.

Re: adding data fields to netfilter_conntrack / conntrack events

[Stuart Zilm]

On 23-Aug-06, at 5:47 AM, Jarek Poplawski wrote:
> I didn't check this but: did you see this change status
> function's processing with CTA_NAT_DST (13)?

Do you mean using CTA_NAT_DST instead of CTA_FOO in the NFA_PUT(...)  
macro?  CTA_NAT_DST and CTA_FOO are both members of enum ctattr_type  
- CTA_FOO was added to the end of the enum, just before __CTA_MAX.

Re: adding data fields to netfilter_conntrack / conntrack events

[Jarek Poplawski]

On 24-08-2006 01:39, Stuart Zilm wrote:
> 
> On 23-Aug-06, at 5:47 AM, Jarek Poplawski wrote:
>> I didn't check this but: did you see this change status
>> function's processing with CTA_NAT_DST (13)?
> 
> Do you mean using CTA_NAT_DST instead of CTA_FOO in the NFA_PUT(...) 
> macro?  CTA_NAT_DST and CTA_FOO are both members of enum ctattr_type - 
> CTA_FOO was added to the end of the enum, just before __CTA_MAX.

I'm very sorry for misunderstanding! You've written it shortly 
and I checked in linux-2.6.18-rc4 only (also shortly) where 13 is 
occupied.

Jarek P.