Re: event-driven connection tracking

>> Is it possible to use event-driven connection tracking - with
>> conntrack-utils or by other means?
>>
>> Ideally, what I would like to do is 'register' a handler for particular
>> connection events (when a new connection is established and then closed,
>> for example) based on a particular pre-defined filter (say, by protocol,
>> source/destination IP etc.) and execute program code/a function (if done
>> programmatically) or a script (if done outside the connection-tracking
>> domain) to do what I want.
>> Currently, the only way to track such 'events' is if I include a
>> separate chain in iptables tracking a particular connection (and logging
>> the event via a normal log jump), but that is not enough for me as I
>> also need to trigger a full dump based on that particular 'filter' and
>> end this dump when the connection is closed. Any ideas?
>
> You can use libnetfilter_conntrack for that:
> http://www.netfilter.org/projects/libnetfilter_conntrack/index.html

THAT is exactly what I was after - a program interface through which I can register the events I am interested in and handle them in my own way.

> There are several examples under utils/ in the tarballs that are
> distributed.

Yep, conntrack_events.c and expect_events.c seem to be a good match and provide me with a decent skeleton on which to base my own code. Thanks for your input, much appreciated.
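As an added example (not from the thread, and not code from conntrack-tools or libnetfilter_conntrack), this is the script-driven variant the poster mentions: `conntrack -E` from conntrack-tools streams NEW/DESTROY events, the script applies the pre-defined filter (protocol plus destination address and port), and a tcpdump runs for the lifetime of each matching flow. The watched address and port, the interface and the capture directory are assumed placeholders; the event-line format parsed here is the one `conntrack -E` prints without `-o` options.

```sh
# Added example (not from the thread): the script variant the poster describes,
# driven by 'conntrack -E'. Each matching TCP flow gets its own tcpdump, started
# on the NEW event and stopped on DESTROY. WATCH_*/CAPTURE_* are placeholders.
WATCH_DST="${WATCH_DST:-10.0.0.5}"
WATCH_PORT="${WATCH_PORT:-22}"
CAPTURE_IF="${CAPTURE_IF:-eth0}"
CAPTURE_DIR="${CAPTURE_DIR:-/var/tmp}"
# plan_action EVENT_LINE -> "start SRC SPORT", "stop SRC SPORT" or "ignore".
# Only the first src/dst/sport/dport (original direction) count; the reply
# tuple later on the same line is skipped.
plan_action() {
    ev= proto= src= dst= sport= dport=
    set -f   # no globbing: a token like [UNREPLIED] must stay literal
    for tok in $1; do
        case $tok in
            '[NEW]')     ev=NEW ;;
            '[DESTROY]') ev=DESTROY ;;
            tcp|udp) [ -n "$proto" ] || proto=$tok ;;
            src=*)   [ -n "$src" ]   || src=${tok#src=} ;;
            dst=*)   [ -n "$dst" ]   || dst=${tok#dst=} ;;
            sport=*) [ -n "$sport" ] || sport=${tok#sport=} ;;
            dport=*) [ -n "$dport" ] || dport=${tok#dport=} ;;
        esac
    done
    set +f
    # The pre-defined filter: TCP flows to the watched address and port.
    case "$ev:$proto:$dst:$dport" in
        NEW:tcp:"$WATCH_DST":"$WATCH_PORT")     echo "start $src $sport" ;;
        DESTROY:tcp:"$WATCH_DST":"$WATCH_PORT") echo "stop $src $sport" ;;
        *) echo ignore ;;
    esac
}
# One tcpdump per flow, keyed by SRC and SPORT; SIGTERM lets it close the pcap.
start_capture() {
    tcpdump -i "$CAPTURE_IF" -w "$CAPTURE_DIR/flow_$1_$2.pcap" host "$1" and \
        host "$WATCH_DST" and tcp port "$2" and tcp port "$WATCH_PORT" >/dev/null 2>&1 &
    echo $! >"$CAPTURE_DIR/flow_$1_$2.pid"
}
stop_capture() {
    [ -f "$CAPTURE_DIR/flow_$1_$2.pid" ] || return 0
    kill "$(cat "$CAPTURE_DIR/flow_$1_$2.pid")"; rm -f "$CAPTURE_DIR/flow_$1_$2.pid"
}
# Event loop (root): -e limits events to NEW/DESTROY, -p pre-filters in the
# kernel. Run as: sh conntrack_watch.sh --watch (without the flag, only defines).
if [ "${1:-}" = "--watch" ]; then
    conntrack -E -e NEW,DESTROY -p tcp | while IFS= read -r line; do
        set -- $(plan_action "$line")
        case $1 in start) start_capture "$2" "$3" ;; stop) stop_capture "$2" "$3" ;; esac
    done
fi
```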

