On Mon, Apr 19, 2010 at 4:07 PM, Justin Yaple <yaplej@xxxxxxxxx> wrote:

> My pre-alpha application was entirely written as a kernel module, but
> I am in the process of writing it as a user space service that uses
> libnetfilter_queue to intercept packets, and bring them into user
> space to be processed. This is where I need to keep track of the TCP
> options in each of the IP packets and track them for each session.
> One of my goals is that this will run on pretty much any distro
> without needing to recompile the kernel. Being I don't know much
> about netfilter I just was not sure if it were possible to use the
> existing conntrack table from user space.

I'm not sure if you can access/modify the conntrack directly from userspace, but I know you can listen for conntrack events and maintain your own table passively.

The userspace version of l7-filter combines queuing+events in this way, constructing a unique string based on the flow tuple and using it for the key to a map that holds a custom per-conntrack structure. l7-conntrack.* and l7-queue.* are the interesting bits here, but are missing a bit of locking around the threaded map access currently.

Cheers,
James
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
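The table James describes, as an added example that is neither l7-filter's nor the netfilter project's code: a flow table keyed by a direction-independent tuple string, locked so the nfqueue thread and the conntrack-event thread can share it, holding the per-session TCP options Justin wants to track. The `struct flow` layout and function names are assumptions; the option bytes in the comments are constructed.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-flow state: the TCP options negotiated for one session
 * (MSS, 0 = none; window-scale shift, -1 = none; SACK permitted). */
struct flow { char key[64]; int mss, wscale, sack_ok; struct flow *next; };
static struct flow *flows;   /* a plain list; a hash map on the key string is the scalable version */
static pthread_mutex_t flows_lock = PTHREAD_MUTEX_INITIALIZER;  /* shared by the nfqueue and event threads */

/* One key for both directions of a flow: the lower (addr,port) endpoint is written first. */
void flow_key(char *out, size_t n, uint8_t proto, uint32_t a, uint16_t ap, uint32_t b, uint16_t bp)
{
    if (a > b || (a == b && ap > bp)) { uint32_t t = a; a = b; b = t; uint16_t p = ap; ap = bp; bp = p; }
    snprintf(out, n, "%u:%u:%u-%u:%u", proto, a, ap, b, bp);
}

/* Find a flow by key, creating it on first sight (e.g. on a conntrack NEW event).
 * A DESTROY event should remove the entry again, or the table grows without bound. */
struct flow *flow_get(const char *key)
{
    struct flow *f;
    pthread_mutex_lock(&flows_lock);
    for (f = flows; f && strcmp(f->key, key) != 0; f = f->next) ;
    if (!f) {
        f = calloc(1, sizeof *f); strncpy(f->key, key, sizeof f->key - 1); f->wscale = -1;
        f->next = flows; flows = f;
    }
    pthread_mutex_unlock(&flows_lock);
    return f;  /* a real design must also keep f alive (refcount) against a concurrent removal */
}

/* Record the TCP options of one packet into the flow; returns the option count, or -1 if malformed. */
int flow_record_options(struct flow *f, const uint8_t *opt, size_t len)
{
    size_t i = 0; int n = 0;
    while (i < len && opt[i] != 0) {                /* kind 0 = end of option list */
        if (opt[i] == 1) { i++; n++; continue; }    /* kind 1 = NOP, has no length byte */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len) return -1;  /* truncated or bogus length */
        uint8_t kind = opt[i], olen = opt[i + 1];
        if (kind == 2 && olen == 4) f->mss = (opt[i + 2] << 8) | opt[i + 3];
        else if (kind == 3 && olen == 3) f->wscale = opt[i + 2];
        else if (kind == 4 && olen == 2) f->sack_ok = 1;
        i += olen; n++;
    }
    return n;
}
```

The nfqueue callback would call `flow_key` on the packet's IP/TCP header, `flow_get` with that key, and `flow_record_options` on the bytes past the 20-byte TCP header; the malformed-length check matters because those bytes come straight off the wire.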