I'm working on a connection tracker for a RPC-like protocol (over TCP). I believe that by inspecting packets using nfqueue, and creating/destroying expectations using nfconntrack, I can do a connection tracker in user-space. In order to remove nfqueue from the mix, I've been looking at the conntrack code, trying to figure out whether even notifications about connection status can include the TCP data that I need to inspect, the data that's in the skbs provided to kernel module conntrack helpers. I haven't been able to be certain what libnfconntrack can/cannot do, but it seems outside of the usage that the command line tools and conntrack daemon need, so I suspect its not possible. Can somebody confirm my suspicions? Thank you. Sam -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
