From: Pablo Neira Ayuso <pablo@netfilter.org>
To: switcher <switcher@linuxwall.info>
Cc: netfilter@lists.netfilter.org
Subject: Re: Check connection state in libipq hook
Date: Mon, 18 Jun 2007 20:15:19 +0200
Message-ID: <4676CBB7.4080808@netfilter.org>
In-Reply-To: <20070618161548.120li24u9dcsok0k@webmail.microgate.fr>
switcher wrote:
> I'm coding software that checks if an incoming packet is part of an active
> connection.
> I'm using libipq to get the packet and I tried to submit it to
> ip_conntrack_find_get() as a tuple created with ip_conntrack_tuple but it
> doesn't work so I have some questions about that.
>
> I'm creating the tuple and submitting it with that piece of code :
> --------
> struct ip_conntrack_tuple *tuple;
> tuple->src.ip = iph->saddr;
> tuple->src.u.tcp.port = tcp->source;
> tuple->dst.ip = iph->daddr;
> tuple->dst.u.tcp.port = tcp->dest;
> tuple->dst.protonum = iph->protocol;
> tuple->dst.dir = 0;
> if (NULL == ip_conntrack_find_get(tuple, NULL))
> {
> fprintf(stdout, "tuple IS NOT part of an active connection");
> }
> else {
> fprintf(stdout, "tuple IS part of an active connection");
> }
> --------
> But I don't know what to put in tuple->dst.dir value... is it a static value ?
>
> Moreover, I included <linux/netfilter.h>,
> <linux/netfilter_ipv4/ip_conntrack_tuple.h> and
> <linux/netfilter_ipv4/ip_conntrack_core.h> (kernel 2.6.17.7) but when I try to
> compile it, I have an error message :
> --------
> /usr/include/linux/netfilter_ipv4/ip_conntrack_core.h: In function
> 'ip_conntrack_confirm':
> /usr/include/linux/netfilter_ipv4/ip_conntrack_core.h:44: error: dereferencing
> pointer to incomplete type
> /usr/include/linux/netfilter_ipv4/ip_conntrack_core.h: At top level:
> /usr/include/linux/netfilter_ipv4/ip_conntrack_core.h:59: error: syntax error
> before 'ip_conntrack_lock'
> --------
>
> I'm not manipulating 'ip_conntrack_confirm' nor 'ip_conntrack_lock' so I guess
> I've made a mistake somewhere but I don't know where...
> Could you help me ?
Misconception: The connection tracking is a kernel module. libipq is a
userspace library. You can't invoke such functions from userspace.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
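
Since the reply rules out calling conntrack functions from a libipq program, here is an added example (not code from this thread or from the netfilter project) of a lookup done entirely in userspace. It assumes the kernel exports its connection table as text in /proc/net/ip_conntrack; `conntrack_lookup` is a hypothetical helper and the sample table lines are constructed.

```c
/* Added example: match a packet's tuple against conntrack text (assumed /proc/net/ip_conntrack layout). */
#include <stdio.h>
#include <string.h>

/* Constructed sample entries, one connection per line. */
static const char SAMPLE[] =
    "tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=40000 dport=80 "
    "src=10.0.0.5 dst=192.168.1.10 sport=80 dport=40000 [ASSURED] use=1\n"
    "udp      17 25 src=192.168.1.10 dst=10.0.0.53 sport=5353 dport=53 [UNREPLIED] "
    "src=10.0.0.53 dst=192.168.1.10 sport=53 dport=5353 use=1\n";

/* Returns 1 if the tuple matches the original or the reply direction of an
 * entry, and copies the TCP state ("-" for protocols without one) into state. */
int conntrack_lookup(const char *table, const char *proto,
                     const char *src, const char *dst,
                     unsigned sport, unsigned dport,
                     char *state, size_t state_len)
{
    char want[128];
    /* Trailing space stops dport=80 from matching dport=8080. */
    int n = snprintf(want, sizeof want, "src=%s dst=%s sport=%u dport=%u ",
                     src, dst, sport, dport);
    if (n < 0 || (size_t)n >= sizeof want) return 0;
    for (const char *line = table; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], name[16], st[32];
        if (len < sizeof buf) {            /* over-long lines are skipped */
            memcpy(buf, line, len); buf[len] = '\0';
            /* Fields: protocol name, number, timeout, then state (TCP only). */
            int got = sscanf(buf, "%15s %*u %*u %31s", name, st);
            if (got >= 1 && strcmp(name, proto) == 0 && strstr(buf, want)) {
                int has_state = (got == 2 && strncmp(st, "src=", 4) != 0);
                snprintf(state, state_len, "%s", has_state ? st : "-");
                return 1;
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return 0;
}

int main(void)
{
    char st[32];
    /* Reply-direction packet (server to client) of the first sample entry. */
    if (conntrack_lookup(SAMPLE, "tcp", "10.0.0.5", "192.168.1.10", 80, 40000, st, sizeof st))
        printf("tracked, state %s\n", st);
    else puts("not tracked");
    return 0;
}
```

Both directions of a connection appear on the same line of the table, so a single substring match covers the original and the reply tuple without a separate direction field.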