* conntrack: Connection close event?
@ 2007-08-22 18:01 Cedrix
2007-08-22 19:10 ` Krzysztof Oledzki
2007-08-22 21:48 ` Eric Leblond
0 siblings, 2 replies; 4+ messages in thread
From: Cedrix @ 2007-08-22 18:01 UTC (permalink / raw)
To: netfilter-devel
Hi,
this is my first request. I checked google, nf-faqs and conntrack-homepage
without sufficient results for this problem:
In Short: I need to know when a connection (TCP or UDP) gets closed. I want
to use conntrack, because I can track UDP more easily.
My thoughts so far: The /proc/net/ip_conntrack reacts very quick when a
close happens, but it's not convenient to check in my C/C++ application. So,
in further reading I've seen in the source some kind of "event-handling".
(Listening Event for new connection, etc.)
My question: What's the best method to see if a connection gets closed.
(Also, connection opened).
Btw: I use iptables -I FORWARD -m state --state NEW -j LOG --log-prefix "New
Connection established: " to log established connections, so it would be
nice (but not necessary) if I can use the LOG for closing-connections, too -
OR alternatively - use a conntrack-event for detecting NEW connections, too.
Any help or comment is appreciated! Thanks.
Cedrix.
* Re: conntrack: Connection close event?
From: Krzysztof Oledzki @ 2007-08-22 19:10 UTC (permalink / raw)
To: Cedrix; +Cc: netfilter-devel
On Wed, 22 Aug 2007, Cedrix wrote:
> Hi,
>
> this is my first request. I checked google, nf-faqs and conntrack-homepage
> without sufficient results for this problem:
>
> In Short: I need to know when a connection (TCP or UDP) gets closed. I want
> to use conntrack, because I can track UDP more easily.
>
> My thoughts so far: The /proc/net/ip_conntrack reacts very quick when a close
> happens, but it's not convenient to check in my C/C++ application. So, in
> further reading I've seen in the source some kind of "event-handling".
> (Listening Event for new connection, etc.)
>
> My question: What's the best method to see if a connection gets closed.
> (Also, connection opened).
>
> Btw: I use iptables -I FORWARD -m state --state NEW -j LOG --log-prefix "New
> Connection established: " to log established connections, so it would be nice
> (but not necessary) if I can use the LOG for closing-connections, too - OR
> alternatively - use a conntrack-event for detecting NEW connections, too.
>
> Any help or comment is appreciated! Thanks.
Something like nfnetlink & "conntrack -E --event-mask NEW,DESTROY -o timestamp"?:
[1187809641.802599] [DESTROY] udp 17 src=192.168.194.11 dst=192.168.194.255 sport=138 dport=138 packets=1 bytes=233 src=192.168.194.255 dst=192.168.194.11 sport=138 dport=138 packets=0 bytes=0
[1187809641.963684] [DESTROY] tcp 6 src=192.168.50.13 dst=192.168.50.21 sport=40153 dport=80 packets=5 bytes=679 src=192.168.50.21 dst=192.168.50.13 sport=80 dport=40153 packets=3 bytes=1332
[1187809642.134908] [DESTROY] tcp 6 src=192.168.50.13 dst=192.168.50.21 sport=40154 dport=80 packets=5 bytes=519 src=192.168.50.21 dst=192.168.50.13 sport=80 dport=40154 packets=3 bytes=591
[1187809642.192142] [DESTROY] tcp 6 src=192.168.50.13 dst=192.168.50.21 sport=40155 dport=80 packets=5 bytes=515 src=192.168.50.21 dst=192.168.50.13 sport=80 dport=40155 packets=3 bytes=583
[1187809642.254526] [DESTROY] udp 17 src=192.168.148.3 dst=192.168.148.13 sport=36258 dport=137 packets=1 bytes=78 src=192.168.148.13 dst=192.168.148.3 sport=137 dport=36258 packets=1 bytes=90
I'm not sure if it is possible just to grab udp events, if not you can
filter it in an application.
Best regards,
Krzysztof Olędzki
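
An added example, not part of the original thread: one way to do the "filter it in an application" step in C by parsing the text lines that `conntrack -E --event-mask NEW,DESTROY -o timestamp` prints. The names `ct_event`, `parse_event` and `is_close` are hypothetical; it assumes the line layout shown in the output above and only looks at the original-direction tuple.

```c
#include <stdio.h>
#include <string.h>

struct ct_event {               /* original-direction tuple of one event line */
    double ts;                  /* epoch seconds printed by -o timestamp */
    char type[16], proto[8];    /* e.g. "DESTROY", "udp" */
    char src[46], dst[46];
    unsigned sport, dport;
};

/* Pointer to the text after the first occurrence of key in line, or NULL. */
static const char *after(const char *line, const char *key)
{
    const char *p = strstr(line, key);
    return p ? p + strlen(key) : NULL;
}

/* Parse "[ts] [TYPE] proto ... src= dst= sport= dport= ..."; 0 on success.
 * Lines without ports (for example icmp) or without a timestamp are rejected. */
int parse_event(const char *line, struct ct_event *ev)
{
    const char *s = after(line, "src="), *d = after(line, "dst=");
    const char *sp = after(line, "sport="), *dp = after(line, "dport=");
    if (sscanf(line, " [%lf] [%15[A-Z]] %7s", &ev->ts, ev->type, ev->proto) != 3) return -1;
    if (!s || !d || !sp || !dp) return -1;
    if (sscanf(s, "%45s", ev->src) != 1 || sscanf(d, "%45s", ev->dst) != 1) return -1;
    if (sscanf(sp, "%u", &ev->sport) != 1 || sscanf(dp, "%u", &ev->dport) != 1) return -1;
    return (ev->sport <= 65535 && ev->dport <= 65535) ? 0 : -1;
}

/* 1 if line is a DESTROY event for proto ("udp" or "tcp"), filling *ev; else 0. */
int is_close(const char *line, const char *proto, struct ct_event *ev)
{
    return parse_event(line, ev) == 0 && !strcmp(ev->type, "DESTROY") && !strcmp(ev->proto, proto);
}

/* SAMPLE[0] is a constructed NEW line; SAMPLE[1] and SAMPLE[2] are copied from the reply above. */
const char *SAMPLE[] = {
    "[1187809640.100000] [NEW] udp 17 30 src=192.168.148.3 dst=192.168.148.13 sport=36258 dport=137 [UNREPLIED] src=192.168.148.13 dst=192.168.148.3 sport=137 dport=36258",
    "[1187809641.963684] [DESTROY] tcp 6 src=192.168.50.13 dst=192.168.50.21 sport=40153 dport=80 packets=5 bytes=679 src=192.168.50.21 dst=192.168.50.13 sport=80 dport=40153 packets=3 bytes=1332",
    "[1187809642.254526] [DESTROY] udp 17 src=192.168.148.3 dst=192.168.148.13 sport=36258 dport=137 packets=1 bytes=78 src=192.168.148.13 dst=192.168.148.3 sport=137 dport=36258 packets=1 bytes=90",
};

int main(void)
{
    struct ct_event ev;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++)
        if (is_close(SAMPLE[i], "udp", &ev))
            printf("%.6f closed udp %s:%u -> %s:%u\n", ev.ts, ev.src, ev.sport, ev.dst, ev.dport);
    return 0;
}
```

In a real program the same functions would be fed lines read from the command's output instead of `SAMPLE`; the text format is meant for people, so an application that needs a stable interface would use the netlink event API the thread points to.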
* Re: Re: conntrack: Connection close event?
From: Cedrix @ 2007-08-22 23:17 UTC (permalink / raw)
To: netfilter-devel
>> In Short: I need to know when a connection (TCP or UDP) gets closed. I
>> want
>> to use conntrack, because I can track UDP more easily.
>>
>> Any help or comment is appreciated! Thanks.
>Something like nfnetlink & "conntrack -E --event-mask NEW,DESTROY -o
>timestamp"?:
>
>I'm not sure if it is possible just to grab udp events, if not you can
>filter it in an application.
>
That's perfect! Thanks Krzysztof, Thanks Eric!
Cedrix.
* Re: conntrack: Connection close event?
From: Eric Leblond @ 2007-08-22 21:48 UTC (permalink / raw)
To: Cedrix; +Cc: netfilter-devel
Hi,
On Wednesday, 22 August 2007 at 20:01 +0200, Cedrix wrote:
> Hi,
>
> this is my first request. I checked google, nf-faqs and conntrack-homepage
> without sufficient results for this problem:
>
> In Short: I need to know when a connection (TCP or UDP) gets closed. I want
> to use conntrack, because I can track UDP more easily.
The result of "conntrack -E -e DESTROY" is what you want. You can thus
look at the code to build what you want.
You can also look at NuFW (http://www.nufw.org/) which handles conntrack
destroy events. The relevant source code is browsable here:
http://software.inl.fr/trac/trac.cgi/browser/mirror/edenwall/nufw/trunk/nufw/src/nufw/conntrack.c
Hope this helps,
--
Eric Leblond