On Mon, Apr 19, 2010 at 12:40 PM, Justin Yaple <yaplej@xxxxxxxxx> wrote:
> I am working on an application that has to track data within
> custom/non-standard TCP options within the packets of each TCP
> session. It has to check the existence of, and examine the data
> within these options then save that data about the session somewhere.
> I had previously written my own session tracking system using a large
> jump table to linked lists of a custom session structure in case of
> collisions with my hashing function.
>
> I was wondering if it's possible to use conntrack for this rather than
> re-invent the wheel. My application needs to be alerted when a
> session is being removed from the conntrack table so it can clean up
> any data related to that session within the program. Given the
> particular requirements I was not sure if the existing conntrack table
> would be suitable for doing this.
>
> What are your thoughts on trying to use conntrack vs using an internal
> connection tracking method within the application?

Accounting, NAT, and the conntrack helpers use ct_extend to store
private per-conntrack data.
For an out of tree module, you'll need to maintain a small kernel patch
to add an enumeration to nf_conntrack_extend.h, and add a function call
to init_conntrack() and ctnetlink_create_conntrack() to add the private
area when the conntrack is initialized, as it needs to be allocated
before the conntrack is confirmed.

If your private structure contains any pointers, you'll also have to
specify a destroy callback in your module's nf_ct_ext_type structure to
make sure memory gets cleaned up properly.

nf_conntrack_acct is probably a good module to look at for usage.

HTH,
James
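
The lifecycle described in the reply above, as an added userspace model in C (not kernel code, and not from the original thread): a private area is attached to an entry before it is confirmed, and a destroy callback releases the pointer that area owns at teardown. All `model_*` and `tcpopt_*` names are hypothetical stand-ins, not kernel symbols.

```c
/* Userspace model of the lifecycle described above; every model_* and
 * tcpopt_* name is hypothetical and none of this is kernel code. */
#include <stdlib.h>

enum model_ext_id { MODEL_EXT_ACCT, MODEL_EXT_TCPOPT, MODEL_EXT_NUM };
struct model_conn {
    int confirmed;              /* set once the entry is in the table */
    void *ext[MODEL_EXT_NUM];   /* one private area per extension id */
};
struct model_ext_type {
    size_t len;                              /* size of the private area */
    void (*destroy)(struct model_conn *ct);  /* releases what the area owns */
};
static const struct model_ext_type *model_types[MODEL_EXT_NUM];

/* Per-session state that holds a pointer, so it needs a destroy callback. */
struct tcpopt_priv { unsigned char *data; size_t len; };
static int tcpopt_destroy_calls;

static void tcpopt_destroy(struct model_conn *ct) {
    struct tcpopt_priv *p = ct->ext[MODEL_EXT_TCPOPT];
    free(p->data);              /* without this the option copy leaks */
    p->data = NULL;
    tcpopt_destroy_calls++;
}
static const struct model_ext_type tcpopt_type = {
    .len = sizeof(struct tcpopt_priv), .destroy = tcpopt_destroy,
};

/* Attach the zeroed private area. A confirmed entry is refused, following
 * the rule in the reply that allocation must happen before confirmation. */
static void *model_ext_add(struct model_conn *ct, enum model_ext_id id) {
    if (ct->confirmed || !model_types[id] || ct->ext[id])
        return NULL;
    return ct->ext[id] = calloc(1, model_types[id]->len);
}

/* Teardown: run each type's destroy callback, then free the area itself. */
static void model_conn_destroy(struct model_conn *ct) {
    for (int i = 0; i < MODEL_EXT_NUM; i++) {
        if (!ct->ext[i])
            continue;
        if (model_types[i]->destroy)
            model_types[i]->destroy(ct);
        free(ct->ext[i]);
        ct->ext[i] = NULL;
    }
}
```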