On Mon, Oct 01, 2012 at 10:17:02PM +0100, Ed W wrote:
> Hi, I'm trying to update the opendpi-netfilter module to work with
> more recent kernels and the ntop ndpi fork of the code (now that
> opendpi seems to have gone away)
>
> The netfilter module registers a conntrack notifier in order to
> release resources once a conntrack is destroyed
> https://github.com/ewildgoose/ndpi-netfilter/blob/master/src/main.c
> This is not possible though, if you also want to have conntrack
> events through netlink... (NF_CT_NETLINK grabs the conntrack
> notifier first)
>
> Now I have read the history on why this is the case, but what are
> the obvious workarounds to this situation? Can we extend the
> conntrack connection with custom properties? Anything better than
> simply scanning my flows occasionally and comparing with the
> conntrack list to see if they have gone away?

We used to have notifier call chains to deliver in-kernel
notifications to events. However, since it was overkill for just one
single client (ctnetlink), we removed it and use a single hook
function.

The workaround is to dig into the history, find that code and forward
port it. But I have to warn you that I won't take that patch into
mainstream since there's only one single client in the official Linux
kernel code, and external clients like that ndpi thing do not justify
such change. Sorry.