* question about libfilter_conntrack @ 2010-07-27 5:34 Pete Kay 2010-07-27 6:12 ` Andrew Beverley 0 siblings, 1 reply; 5+ messages in thread From: Pete Kay @ 2010-07-27 5:34 UTC (permalink / raw) To: netfilter-devel Hi, I would like to use libfilter_conntrack to remove an entry in the conntrack table. Does anyone have an example showing how to do that programmatically? Thanks, P ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: question about libfilter_conntrack 2010-07-27 5:34 question about libfilter_conntrack Pete Kay @ 2010-07-27 6:12 ` Andrew Beverley 2010-07-27 7:17 ` Pete Kay 0 siblings, 1 reply; 5+ messages in thread From: Andrew Beverley @ 2010-07-27 6:12 UTC (permalink / raw) To: Pete Kay; +Cc: netfilter-devel > I would like to use libfilter_conntrack to remove an entry in the > conntrack table. > > Does anyone have an example showing how to do that programmatically? There's an example in the source code, in utils/conntrack_delete.c Andy ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: question about libfilter_conntrack 2010-07-27 6:12 ` Andrew Beverley @ 2010-07-27 7:17 ` Pete Kay 2010-07-27 8:52 ` Andrew Beverley 0 siblings, 1 reply; 5+ messages in thread From: Pete Kay @ 2010-07-27 7:17 UTC (permalink / raw) To: Andrew Beverley; +Cc: netfilter-devel Andy, Thanks alot for your help. I am using the conntrack_delete example to try to delete this entry: udp 17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385 dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114 dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0 secmark=0 use=2 But I am having problem doing so with the lines of code below: ct = nfct_new(); if (!ct) { perror("nfct_new"); return 0; } nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("192.168.1.56")); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP); nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385)); h = nfct_open(CONNTRACK, 0); if (!h) { perror("nfct_open"); } ret = nfct_query(h, NFCT_Q_DESTROY, ct); Does anyone know why? Thank you so much in advance for your help. P On Tue, Jul 27, 2010 at 2:12 PM, Andrew Beverley <andy@andybev.com> wrote: >> I would like to use libfilter_conntrack to remove an entry in the >> conntrack table. >> >> Does anyone have an example showing how to do that programmatically? > > There's an example in the source code, in utils/conntrack_delete.c > > Andy > > > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: question about libfilter_conntrack 2010-07-27 7:17 ` Pete Kay @ 2010-07-27 8:52 ` Andrew Beverley 2010-07-27 9:31 ` Pete Kay 0 siblings, 1 reply; 5+ messages in thread From: Andrew Beverley @ 2010-07-27 8:52 UTC (permalink / raw) To: Pete Kay; +Cc: netfilter-devel >>> I would like to use libfilter_conntrack to remove an entry in the >>> conntrack table. >>> >>> Does anyone have an example showing how to do that programmatically? >> >> There's an example in the source code, in utils/conntrack_delete.c >> > I am using the conntrack_delete example to try to delete this entry: > udp 17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385 > dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114 > dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0 > secmark=0 use=2 > > But I am having problem doing so with the lines of code below: > > ct = nfct_new(); > if (!ct) { > perror("nfct_new"); > return 0; > > } > nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); > nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("192.168.1.56")); > > nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP); > nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385)); > You need to also specify the destination IP address and port number. I think that as a minumum you must specify all 6 peices of information: source/dest IP address and port number, and the layer 3 and layer 4 protocol. Regards, Andy ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: question about libfilter_conntrack 2010-07-27 8:52 ` Andrew Beverley @ 2010-07-27 9:31 ` Pete Kay 0 siblings, 0 replies; 5+ messages in thread From: Pete Kay @ 2010-07-27 9:31 UTC (permalink / raw) To: Andrew Beverley; +Cc: netfilter-devel Andy, thanks alot. It works now. P On Tue, Jul 27, 2010 at 4:52 PM, Andrew Beverley <andy@andybev.com> wrote: >>>> I would like to use libfilter_conntrack to remove an entry in the >>>> conntrack table. >>>> >>>> Does anyone have an example showing how to do that programmatically? >>> >>> There's an example in the source code, in utils/conntrack_delete.c >>> >> I am using the conntrack_delete example to try to delete this entry: >> udp 17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385 >> dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114 >> dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0 >> secmark=0 use=2 >> >> But I am having problem doing so with the lines of code below: >> >> ct = nfct_new(); >> if (!ct) { >> perror("nfct_new"); >> return 0; >> >> } >> nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); >> nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, >> inet_addr("192.168.1.56")); >> >> nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP); >> nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385)); >> > > You need to also specify the destination IP address and port number. I think > that as a minumum you must specify all 6 peices of information: source/dest > IP address and port number, and the layer 3 and layer 4 protocol. > > Regards, > > Andy > > > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-07-27 9:31 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-07-27 5:34 question about libfilter_conntrack Pete Kay 2010-07-27 6:12 ` Andrew Beverley 2010-07-27 7:17 ` Pete Kay 2010-07-27 8:52 ` Andrew Beverley 2010-07-27 9:31 ` Pete Kay
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).