Is it possible to use event-driven connection tracking - with
conntrack-utils or by other means?
Ideally, what I would like to do is 'register' a handler for particular
connection events (when new connection is established and then closed
for example) based on particular pre-defined filter (say, by protocol,
source/destination ip etc) and execute a program code/function (if done
programmatically) or a script (if done outside the connection-tracking
domain) to do what I want?
Currently, the only way to track such 'events' is if I include a
separate chain in iptables tracking a particular connection (and logging
the event via a normal log jump), but that is not enough for me as I
also need to trigger a full dump based on that particular 'filter' and
end this dump when the connection is closed. Any ideas?
You can use libnetfilter_conntrack for that:
http://www.netfilter.org/projects/libnetfilter_conntrack/index.html
THAT is exactly what I was after - program interface through which I can
register the events I am interested in and handle them in my own way.
There are several examples under utils/ in the tarballs that are
distributed.
Yep, conntrack_events.c and expect_events.c seem to be a good match and
provide me with a decent skeleton on which to base my own code. Thanks
for your input, much appreciated.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html