Fabian Hugelshofer wrote:
To reduce any side effects I wrote a small test application which just
reads the ctevent socket and does nothing else. You find it attached to
this email.
Forgot to attach, you find it in this email...
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <signal.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
volatile sig_atomic_t terminate;
static void __sig_handler(int sig)
{
switch (sig) {
case SIGTERM:
case SIGINT:
terminate = 1;
break;
}
}
int main(int argc, char* argv[])
{
struct nfct_handle *h;
struct sigaction sigact;
char buf[NFNL_BUFFSIZE] __attribute__ ((aligned));
int len;
int events = 0;
int overflows = 0;
terminate = 0;
sigact.sa_handler = &__sig_handler;
sigaction(SIGINT, &sigact, NULL);
sigaction(SIGTERM, &sigact, NULL);
h = nfct_open(NFNL_SUBSYS_CTNETLINK,
NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY);
if (h == NULL) {
perror("opening ctnetlink failed");
exit(EXIT_FAILURE);
}
while (!terminate) {
len = recv(nfct_fd(h), buf, sizeof(buf), 0);
if (len < 0) {
if (errno == ENOBUFS) {
overflows++;
} else if (errno != EINTR) {
perror("recv failed");
nfct_close(h);
exit(EXIT_FAILURE);
}
} else {
events++;
}
}
printf("%d events received (%d overflows)\n", events, overflows);
nfct_close(h);
exit(EXIT_SUCCESS);
}
