question about libfilter_conntrack

question about libfilter_conntrack

[Pete Kay]

Hi,

I would like to use libfilter_conntrack to remove an entry in the
conntrack table.

Does anyone have an example showing how to do that programmatically?

Thanks,
P

Re: question about libfilter_conntrack

[Andrew Beverley]

> I would like to use libfilter_conntrack to remove an entry in the
> conntrack table.
> 
> Does anyone have an example showing how to do that programmatically?

There's an example in the source code, in utils/conntrack_delete.c

Andy

Re: question about libfilter_conntrack

[Pete Kay]

Andy,

Thanks alot for your help.

I am using the conntrack_delete example to try to delete this entry:
udp      17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385
dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114
dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0
secmark=0 use=2

But I am having problem doing so with the lines of code below:

      ct = nfct_new();
        if (!ct) {
                perror("nfct_new");
              return 0;

        }
        nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
        nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("192.168.1.56"));

        nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP);
      nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385));

        h = nfct_open(CONNTRACK, 0);
        if (!h) {
                perror("nfct_open");

        }

        ret = nfct_query(h, NFCT_Q_DESTROY, ct);


Does anyone know why?

Thank you so much in advance for your help.

P







On Tue, Jul 27, 2010 at 2:12 PM, Andrew Beverley <andy@andybev.com> wrote:
>> I would like to use libfilter_conntrack to remove an entry in the
>> conntrack table.
>>
>> Does anyone have an example showing how to do that programmatically?
>
> There's an example in the source code, in utils/conntrack_delete.c
>
> Andy
>
>
>

Re: question about libfilter_conntrack

[Andrew Beverley]

>>> I would like to use libfilter_conntrack to remove an entry in the
>>> conntrack table.
>>>
>>> Does anyone have an example showing how to do that programmatically?
>>
>> There's an example in the source code, in utils/conntrack_delete.c
>>
> I am using the conntrack_delete example to try to delete this entry:
> udp      17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385
> dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114
> dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0
> secmark=0 use=2
>
> But I am having problem doing so with the lines of code below:
>
>       ct = nfct_new();
>         if (!ct) {
>                 perror("nfct_new");
>               return 0;
>
>         }
>         nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
>         nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("192.168.1.56"));
>
>         nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP);
>       nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385));
>

You need to also specify the destination IP address and port number. I  
think that as a minumum you must specify all 6 peices of information:  
source/dest IP address and port number, and the layer 3 and layer 4  
protocol.

Regards,

Andy

Re: question about libfilter_conntrack

[Pete Kay]

Andy,

thanks alot.  It works now.

P

On Tue, Jul 27, 2010 at 4:52 PM, Andrew Beverley <andy@andybev.com> wrote:
>>>> I would like to use libfilter_conntrack to remove an entry in the
>>>> conntrack table.
>>>>
>>>> Does anyone have an example showing how to do that programmatically?
>>>
>>> There's an example in the source code, in utils/conntrack_delete.c
>>>
>> I am using the conntrack_delete example to try to delete this entry:
>> udp      17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385
>> dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114
>> dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0
>> secmark=0 use=2
>>
>> But I am having problem doing so with the lines of code below:
>>
>>      ct = nfct_new();
>>        if (!ct) {
>>                perror("nfct_new");
>>              return 0;
>>
>>        }
>>        nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
>>        nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC,
>> inet_addr("192.168.1.56"));
>>
>>        nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP);
>>      nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385));
>>
>
> You need to also specify the destination IP address and port number. I think
> that as a minumum you must specify all 6 peices of information: source/dest
> IP address and port number, and the layer 3 and layer 4 protocol.
>
> Regards,
>
> Andy
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html