Make nfct_catch return control to original thread

Make nfct_catch return control to original thread

[Jeremy/starcraft.man]

Hi,

I'm a developer currently working at a company using libnetfilter, I
came in late in development of the product and the code is pretty much
complete. Due to debugging checks recently enabled, they want to be
able to unblock and gracefully stop all threads before terminating the
process. The problem then is that the thread which invokes nfct_catch
never returns and blocks the thread from cleanly terminating.

pthread_cancel is not an option since we develop on android and that
platform doesn't stopping threads that way.

I'm not that familiar with netfilter and am still reading up, from
what I've read it doesn't seem like I can. Please correct me if I'm
wrong, but the events that trigger the registered handlers are all
tied to interfaces being new/updated/down and thus I can't just use a
handler that returns NFNL_CB_STOP when it next gets an event (at least
not unless I trigger an event artificially say after setting a boolean
flag in the registered handler to force it to stop). Is there any sort
of signal mechanism I'm missing that could be used to force a return
from the loop of nfnl_catch?

Any help would be appreciated, even if it is to say you can't force
catch to return.

Thanks and have a nice day.

--
Jeremy Pallats/starcraft.man

Beginners Team/Wiki FG Member - https://wiki.ubuntu.com/BeginnersTeam
Wiki Homepage - https://wiki.ubuntu.com/starcraft.man

Re: Make nfct_catch return control to original thread

[Pablo Neira Ayuso]

On Wed, Feb 29, 2012 at 09:38:00AM -0500, Jeremy/starcraft.man wrote:
> Hi,
> 
> I'm a developer currently working at a company using libnetfilter, I
> came in late in development of the product and the code is pretty much
> complete. Due to debugging checks recently enabled, they want to be
> able to unblock and gracefully stop all threads before terminating the
> process. The problem then is that the thread which invokes nfct_catch
> never returns and blocks the thread from cleanly terminating.
>
> pthread_cancel is not an option since we develop on android and that
> platform doesn't stopping threads that way.
> 
> I'm not that familiar with netfilter and am still reading up, from
> what I've read it doesn't seem like I can. Please correct me if I'm
> wrong, but the events that trigger the registered handlers are all
> tied to interfaces being new/updated/down and thus I can't just use a
> handler that returns NFNL_CB_STOP when it next gets an event (at least
> not unless I trigger an event artificially say after setting a boolean
> flag in the registered handler to force it to stop). Is there any sort
> of signal mechanism I'm missing that could be used to force a return
> from the loop of nfnl_catch?

You can set the non-blocking socket via nfct_fd(...) and setsockopt.

Then, check if nfct_catch returns -1 and errno == EAGAIN.

Re: Make nfct_catch return control to original thread

[Jeremy/starcraft.man]

Hi,

Quick question regarding conntrack.

Is there a way for me to generate an NFCT_T_DESTROY event artificially
(i.e. avoiding usual mechanism tied to connection close). To further
qualify, I'd like to be able to do this in a situation I can't
guarantee any connectivity. I tried a localhost connection/termination
it didn't seem to trigger a callback.

I want to force a return on a callback that is set on destroy events
if you are wondering.

Thanks for the time.

--
Jeremy Pallats/starcraft.man

Beginners Team/Wiki FG Member - https://wiki.ubuntu.com/BeginnersTeam
Wiki Homepage - https://wiki.ubuntu.com/starcraft.man