From: Philip Craig <philipc@snapgear.com>
To: Volker Poplawski <volker@openbios.org>
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: Re: libnl: Unmatched NL_ACT_DEL and NL_ACT_CHANGE
Date: Tue, 07 Jul 2009 15:29:42 +1000 [thread overview]
Message-ID: <4A52DD46.5090501@snapgear.com> (raw)
In-Reply-To: <200907061417.41282.volker@openbios.org>
Volker Poplawski wrote:
> On Monday 06 July 2009 13:29:40 you wrote:
>> Volker Poplawski wrote:
>>> Hi all.
>>>
>>> Could s.o. please have a look at my (short) code at
>>> http://pastie.org/534637
>>>
>>> (maybe compile it with g++ -Wall test.c -o test -I ... -L ... -lnl
>>> -lnl-genl - lnl-nf -lnl-route)
>>>
>>> What the code does is to listen to changes in the ct-table using libnl.
>>> It keeps score of reported ctId in a lookup table.
>>>
>>> Problem is: I'm getting a lot of NL_ACT_CHANGE & NL_ACT_DEL without
>>> having seen a matching NL_ACT_NEW. (Also there seems to be no initial
>>> cache fill)
>>>
>>> kernel 2.6.27 (opensuse 11.1), libnl 2.0 (git master)
>> I think I know whats happening - the ct objects don't define the
>> attribute(s) distinguishing different entries, so cache_include()
>> doesn't recognize them as new.
>>
>> Does this patch make any difference?
Yes that improves it. We probably want to change libnl so that we
can specify a set of optional attributes to compare, so that
nl_object_identical does something like this:
if ((a->ce_mask & req_attrs) != req_attrs ||
(b->ce_mask & req_attrs) != req_attrs)
return 0;
if ((a->ce_mask & opt_attrs) != (b->ce_mask & opt_attrs))
return 0;
...
return !(ops->oo_compare(a, b, (req_attrs | a->ce_mask & opt_attrs), 0));
This would let it work on older kernels that don't include the id too.
> Yes it does, NL_ACT_DEL , _CHANGE and _DEL are now matching -- for ct-entries
> created after i made my call to nl_cache_mngr_add( ... "netfilter/ct"... )
>
> However, i still don't get a NL_ACT_DEL on already existing connections
> (CHANGE and DEL though)
I assume you meant you don't get NL_ACT_NEW events for existing
connections. That's just how libnl works in general. You can use
nl_cache_get_first/nl_cache_get_next to populate your hashtable
before you start polling.
next prev parent reply other threads:[~2009-07-07 5:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-05 9:44 libnl: Unmatched NL_ACT_DEL and NL_ACT_CHANGE Volker Poplawski
2009-07-06 11:29 ` Patrick McHardy
2009-07-06 12:17 ` Volker Poplawski
2009-07-07 5:29 ` Philip Craig [this message]
2009-07-07 9:01 ` Volker Poplawski
2009-07-10 10:40 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A52DD46.5090501@snapgear.com \
--to=philipc@snapgear.com \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=volker@openbios.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).