> Accounting, NAT, and the conntrack helpers use ct_extend to store
> private per-conntrack data. For an out of tree module, you'll need to
> maintain a small kernel patch to add an enumeration to
> nf_conntrack_extend.h, and add a function call to init_conntrack() and
> ctnetlink_create_conntrack() to add the private area when the
> conntrack is initialized, as it needs to be allocated before the
> conntrack is confirmed. If your private structure contains any
> pointers, you'll also have to specify a destroy callback in your module's
> nf_ct_ext_type structure to make sure memory gets cleaned up properly.
> nf_conntrack_acct is probably a good module to look at for usage.
>
> HTH,
> James

My pre-alpha application was entirely written as a kernel module, but I am in the process of writing it as a user space service that uses libnetfilter_queue to intercept packets and bring them into user space to be processed. This is where I need to keep track of the TCP options in each of the IP packets and track them for each session. One of my goals is that this will run on pretty much any distro without needing to recompile the kernel.

Since I don't know much about netfilter, I just was not sure if it was possible to use the existing conntrack table from user space.

Justin.
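
The user-space approach Justin describes, keeping the TCP options of each queued packet per session, could look like the sketch below. It is an added example, not code from this thread or from netfilter; `sess_opts`, `sess_get()` and `track_tcp_opts()` are hypothetical names, and the input is assumed to be the raw IPv4 packet that `nfq_get_payload()` returns.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical per-session record, one per direction (src -> dst). */
struct sess_opts {
    uint8_t  key[12];                 /* saddr, daddr, sport, dport in wire order */
    uint16_t mss;                     /* 0 = MSS option not seen */
    uint8_t  wscale, have_ws, sack_ok, used;
};
static struct sess_opts tbl[256];     /* fixed size: state cannot grow without bound */

/* Linear scan for brevity; entries are never freed here. NULL = table full. */
static struct sess_opts *sess_get(const uint8_t *key)
{
    for (struct sess_opts *s = tbl; s < tbl + sizeof tbl / sizeof *tbl; s++) {
        if (!s->used) { memcpy(s->key, key, 12); s->used = 1; return s; }
        if (memcmp(s->key, key, 12) == 0) return s;
    }
    return NULL;
}

/* p/len: one IPv4 packet. NULL = not TCP, later fragment, malformed, or table full. */
struct sess_opts *track_tcp_opts(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6 || (p[6] & 0x1f) || p[7]) return NULL;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return NULL;
    const uint8_t *t = p + ihl;
    size_t thl = (size_t)(t[12] >> 4) * 4;
    if (thl < 20 || len < ihl + thl) return NULL;
    int mss = 0, ws = -1, sack = 0;                   /* parse first, commit only if well formed */
    for (size_t i = 20; i < thl && t[i] != 0; ) {     /* kind 0 = End of Option List */
        if (t[i] == 1) { i++; continue; }             /* kind 1 = NOP, no length byte */
        size_t olen = (i + 1 < thl) ? t[i + 1] : 0;   /* missing length byte counts as 0 */
        if (olen < 2 || i + olen > thl) return NULL;  /* would never advance, or overruns */
        if (t[i] == 2 && olen == 4) mss = (t[i + 2] << 8) | t[i + 3];
        else if (t[i] == 3 && olen == 3) ws = t[i + 2];
        else if (t[i] == 4 && olen == 2) sack = 1;
        i += olen;
    }
    uint8_t key[12];
    memcpy(key, p + 12, 8); memcpy(key + 8, t, 4);    /* addresses, then ports */
    struct sess_opts *s = sess_get(key);
    if (!s) return NULL;
    if (mss) s->mss = (uint16_t)mss;
    if (ws >= 0) { s->wscale = (uint8_t)ws; s->have_ws = 1; }
    if (sack) s->sack_ok = 1;
    return s;
}
```

Because the option bytes come straight off the wire, the length checks run before any session state is created, so a malformed packet neither overruns the buffer nor consumes a table slot.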