* Notification of new/destroyed connection
@ 2007-02-27 22:49 Chris Taylor
  2007-02-28 12:39 ` Pablo Neira Ayuso
From: Chris Taylor @ 2007-02-27 22:49 UTC (permalink / raw)
  To: netfilter-devel

Hello all,

Newbie warning!!  I was trying to fool around with netfilter and
nf_conntrack.  I'd like to write a netfilter module that takes action
when a new connection is opened or closed.

Initially I thought about taking the sk_buff and passing it to
nf_ct_get_tuple and then calling nf_conntrack_find_get, and if it returns
null then it's a new connection.  But I can't find a way to use this
to see if a connection has been closed.

Then I saw the notification chains and I thought about making a
notification block and registering it with
nf_conntrack_register_notifier(struct notifier_block *nb).  I couldn't
find the initial listing of the anticipated values for the events and
the void* p, but I saw examples in
net/netfilter/nf_conntrack_netlink.c.  So I then turned my attention to
include/linux/netfilter/nf_conntrack_common.h and saw the difference
b/n ip_conntrack_expect_events and ip_conntrack_events, namely that
ip_conntrack_expect_events only has IPEXP_NEW.

Am I correct to assume that if I need to do some setup in advance of a
connection establishment, then I should subscribe via the
nf_conntrack_register_expect_notifier and wait for an IPEXP_NEW event?
What happens if I do the setup and the connection is never
established?  Will I get notified of that via the callback registered
with nf_conntrack_register_notifier with an IPCT_DESTROY event?

Am I better off doing this with nf_conntrack or ip_conntrack?  What's
the difference?

Am I headed in the correct direction?

Thanx in advance.

Respectfully,
Christopher Taylor

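For reference, an added example (not code from this thread or from the kernel tree) of the approach Chris describes: a minimal out-of-tree module that registers a notifier_block with nf_conntrack_register_notifier, written against the 2.6.20-era nf_conntrack API he is reading. Module and function names are the example's own; it assumes CONFIG_NF_CONNTRACK_EVENTS is enabled and that the symbols are GPL-exported, so the module must declare a GPL licence.

```c
/* ct_events.c: added example, not from the thread.  Builds as an
 * out-of-tree module against a 2.6.20-era kernel with
 * CONFIG_NF_CONNTRACK_EVENTS=y.  Names here are the example's own. */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/socket.h>
#include <linux/notifier.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <net/netfilter/nf_conntrack.h>

/* Called in atomic context (softirq, under conntrack locking): log only,
 * never sleep or block here.  'events' is a bitmask of IPCT_* flags.
 * IPCT_NEW is delivered once the first packet has passed the filter
 * hooks and the entry is confirmed, so a connection dropped on its first
 * packet never produces IPCT_NEW.  IPCT_DESTROY fires when the entry is
 * freed (timeout, RST/FIN close, explicit deletion) and does not say why. */
static int ct_event_cb(struct notifier_block *nb, unsigned long events,
		       void *ptr)
{
	struct nf_conn *ct = ptr;
	const struct nf_conntrack_tuple *t =
		&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;

	if (t->src.l3num != AF_INET)
		return NOTIFY_DONE;	/* this example handles IPv4 only */

	if (events & IPCT_NEW)
		printk(KERN_INFO "ct NEW  proto=%u %u.%u.%u.%u -> %u.%u.%u.%u\n",
		       t->dst.protonum, NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip));
	if (events & IPCT_DESTROY)
		printk(KERN_INFO "ct GONE proto=%u %u.%u.%u.%u -> %u.%u.%u.%u\n",
		       t->dst.protonum, NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip));
	return NOTIFY_DONE;
}

static struct notifier_block ct_event_nb = {
	.notifier_call = ct_event_cb,
};

static int __init ct_events_init(void)
{
	return nf_conntrack_register_notifier(&ct_event_nb);
}

static void __exit ct_events_exit(void)
{
	nf_conntrack_unregister_notifier(&ct_event_nb);
}

module_init(ct_events_init);
module_exit(ct_events_exit);
MODULE_LICENSE("GPL");
```

Expect one NEW line per confirmed flow and one GONE line when its entry is reaped; the same callback is what nf_conntrack_netlink.c uses to feed conntrack events to userspace.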
* Notification of new/destroyed connection
@ 2007-07-12  8:00 Kerry Ó Cuanacháin
From: Kerry Ó Cuanacháin @ 2007-07-12  8:00 UTC (permalink / raw)
  To: netfilter-devel

Following on from the discussion on CT lifecycle events, if one takes
a scenario whereby a newly created connection is subsequently
NF_DROP'd by a filter rule, is it exclusively a timer/timeout which
results in that same connection being destroyed?
Is there any event driven mechanism to inform conntrack that the
packet has been filtered?
Similarly, is there a way to identify the reason for IPCT_DESTROY
from the event raised?


Kind Regards

Kerry
