I would like to use libnetfilter_conntrack to remove an entry in the
conntrack table.
Does anyone have an example showing how to do that programmatically?

There's an example in the source code, in utils/conntrack_delete.c

I am using the conntrack_delete example to try to delete this entry:
udp 17 29 src=192.168.1.56 dst=192.168.1.114 sport=16385
dport=26956 packets=28149 bytes=7881720 [UNREPLIED] src=192.168.1.114
dst=192.168.1.56 sport=26956 dport=16385 packets=0 bytes=0 mark=0
secmark=0 use=2
But I am having a problem doing so with the lines of code below:

ct = nfct_new();
if (!ct) {
    perror("nfct_new");
    return 0;
}
nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("192.168.1.56"));
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_UDP);
nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(16385));

You need to also specify the destination IP address and port number. I
think that as a minimum you must specify all 6 pieces of information:
source/dest IP address and port number, and the layer 3 and layer 4
protocol.
Regards,
Andy