Regarding connection mappings to module data structures

Regarding connection mappings to module data structures

[Deepak Jangid]

Hello Netfilter team,
 
I am seeking an infrastructure for mapping
conntrack(struct nf_conn) to a module private data structure as a context for
every connection.
I could not find any such.
 
I can add the private info when I see a new connection.
conntrack destroy events can be caught to destroy the
private structure.
But the thing is there is no mechanism to store the
private info mapped to a connection. Either I will have to maintain
hash-tables, which is highly irrelevant, or edit the nf_conn which seems a
better way.
 
What I was thinking is to have a list_head or a pointer
to a structure in nf_conn which can handle such scenarios.
 
Does this seems generic ? Well yes there is
conntrack_extend, but it is not generic to be usable by other modules.
 
Best Regards,
Deepak Jangid
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Regarding connection mappings to module data structures

[Pablo Neira Ayuso]

On Thu, Jun 14, 2012 at 02:18:33PM +0800, Deepak Jangid wrote:
> Hello Netfilter team,
>  
> I am seeking an infrastructure for mapping
> conntrack(struct nf_conn) to a module private data structure as a context for
> every connection.
> I could not find any such.
>  
> I can add the private info when I see a new connection.
> conntrack destroy events can be caught to destroy the
> private structure.
> But the thing is there is no mechanism to store the
> private info mapped to a connection. Either I will have to maintain
> hash-tables, which is highly irrelevant, or edit the nf_conn which seems a
> better way.
>  
> What I was thinking is to have a list_head or a pointer
> to a structure in nf_conn which can handle such scenarios.
>  
> Does this seems generic ? Well yes there is
> conntrack_extend, but it is not generic to be usable by other modules.

It's hard to understand what you need since you don't provide any
information on what you want to do.

But my guess is that conntrack extensions is what you want. See
net/netfilter/nf_conntrack_extend.c and
net/netfilter/nf_conntrack_timestamp.c for one example.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Regarding connection mappings to module data structures

[Deepak Jangid]

On 14-Jun-2012, at 23:57, Pablo Neira Ayuso <pablo@netfilter.org> wrote:

> On Thu, Jun 14, 2012 at 02:18:33PM +0800, Deepak Jangid wrote:
>> Hello Netfilter team,
>>  
>> I am seeking an infrastructure for mapping
>> conntrack(struct nf_conn) to a module private data structure as a context for
>> every connection.
>> I could not find any such.
>>  
>> I can add the private info when I see a new connection.
>> conntrack destroy events can be caught to destroy the
>> private structure.
>> But the thing is there is no mechanism to store the
>> private info mapped to a connection. Either I will have to maintain
>> hash-tables, which is highly irrelevant, or edit the nf_conn which seems a
>> better way.
>>  
>> What I was thinking is to have a list_head or a pointer
>> to a structure in nf_conn which can handle such scenarios.
>>  
>> Does this seems generic ? Well yes there is
>> conntrack_extend, but it is not generic to be usable by other modules.
> 
> But my guess is that conntrack extensions is what you want. See
> net/netfilter/nf_conntrack_extend.c and
> net/netfilter/nf_conntrack_timestamp.c for one example.

Yes exactly, that is what I am talking about. But you see 
Struct nf_ct_ext_type .id is what bugging me. 
It is not generic i'll have to add an enum to use it.

What I am suggesting is that we should make it general registrable.

Well you asked, what I am trying to do is make an 7th layer application filter.

Best regards,
Deepak jangid