Re: [RFC PATCH nf_conntrack_extend] new extensions without changes kernel source

Hi Vitaly,

On Wed, Oct 16, 2013 at 11:36:23PM +0400, Vitaly E. Lavrov wrote:
> How to add additional data to the conntrack? This is needed for
> the implementation of ndpi-netfilter.
> 
> Now it is possible to add data to a struct "nf_conn->ext" through
> nf_conntrack_extend, but it requires a change in the kernel code.
> 
> I have developed a patch to register custom extensions in nf_conn->ext.
> In the kernel configuration, you can specify the maximum number of additional
> extensions (0..8). When registering a custom extension, you specify an
> additional unique extension identifier (u32). An optional seq_print method
> was added to the extension properties to display data in "/proc/net/nf_conntrack".
> 
> What is lacking in this patch?

I'm reticent to get this extremely generic infrastructure into
mainstream, we need to know more on the ndpi needs and discuss some
generic infrastructure that most layer 7 implementations can benefit
from.

BTW, please try to avoid /proc interfaces, we try to run away from them
if possible, using ctnetlink would be better.