Hello all,

Alan, I just read your mail below regarding the conntrack facility. I am sorry that I am not able to help you with an answer to your query. I am actually writing this mail to ask if you could help me understand which structures store the conntrack details, i.e., if I want to drop a particular established connection, which structure entry should I be parsing and deleting? Since I am also doing an analysis of the kernel code for the conntrack facility, I thought you may be able to help me out...

Regards,
Anisha Chandrasekaran
Email : anisha.chandrasekaran@xxxxxxxxx

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Alan Ezust
Sent: Monday, October 23, 2006 11:49 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: understanding how conntrack works

Greetings all,

I'm exploring the kernel source trying to understand better how the conntrack facility works. I had a couple of questions which I hope someone more familiar with the code can answer...

Q: Where in the code does a table entry get added to the conntrack table? nf_conntrack_put doesn't seem to contain much code related to that.

Q: Where in the code are the conntrack data lines being written, and using what mechanism? (kprintf? procfs?)

I did some ctags jumping and keep coming to the nf_conntrack_put function, which I expected to contain the code.
Instead, it only contains:

<pre>
// ip_conntrack.h:
static inline void ip_conntrack_put(struct ip_conntrack *ct)
{
        IP_NF_ASSERT(ct);
        nf_conntrack_put(&ct->ct_general);
}

// skbuff.h:
#ifdef CONFIG_NETFILTER
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
{
        if (nfct && atomic_dec_and_test(&nfct->use))
                nfct->destroy(nfct);
}
</pre>

The "destroy" call is an indirect function call, which appears to be a call (most of the time) to nf_conntrack_core.c:541

<pre>
static void destroy_conntrack(struct nf_conntrack *nfct)
</pre>

I hope the table updating and kprintf lines are not embedded within the destroy code?

Q: What is "master"? It seems that conntrack data has a concept called "master". When a connection is "destroyed", a call to the "master" destroy is also made. What is the relationship between the nf_conntrack and the master of an nf_conntrack (it appears to be a tree or a linked list)? It seems to be an ownership relationship.
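As an added illustration (not code from either poster, and not kernel code), here is a small user-space C model of the reference-counting pattern quoted above: a use counter, an indirect destroy callback, and a master pointer whose reference is released when the dependent connection is destroyed. The struct names, the model_* helpers, the bookkeeping globals and the one-master/one-child scenario are assumptions made for the model; only the put/destroy shape mirrors the kernel snippet.

```c
#include <stdatomic.h>
#include <stdlib.h>
/* Assumption: a user-space model of the pattern quoted above, not kernel code. */
struct nf_conntrack_model {
    atomic_int use;                                /* reference count */
    void (*destroy)(struct nf_conntrack_model *);  /* indirect destroy callback */
};
struct conntrack_model {
    struct nf_conntrack_model ct_general;  /* embedded first, so the cast in destroy_model() is valid */
    struct conntrack_model *master;        /* connection this one is related to, or NULL */
    int id;
};
static int destroyed_count, last_destroyed_id;  /* bookkeeping for the scenario below */

/* Same shape as nf_conntrack_put(): drop one reference, destroy on the last one. */
static void model_put(struct nf_conntrack_model *nfct)
{
    if (nfct && atomic_fetch_sub(&nfct->use, 1) == 1)  /* like atomic_dec_and_test */
        nfct->destroy(nfct);
}

/* Destroy callback: record the event, release the reference held on the master, free ourselves. */
static void destroy_model(struct nf_conntrack_model *nfct)
{
    struct conntrack_model *ct = (struct conntrack_model *)nfct;
    destroyed_count++;
    last_destroyed_id = ct->id;
    if (ct->master) model_put(&ct->master->ct_general);
    free(ct);
}

static struct conntrack_model *model_new(int id, struct conntrack_model *master)
{
    struct conntrack_model *ct = calloc(1, sizeof *ct);
    if (!ct) return NULL;
    atomic_init(&ct->ct_general.use, 1);  /* creator's reference */
    ct->ct_general.destroy = destroy_model;
    ct->id = id;
    ct->master = master;
    if (master) atomic_fetch_add(&master->ct_general.use, 1);  /* child pins its master */
    return ct;
}

/* One master (id 1) with one related child (id 2). Returns 1 if the master survives its
 * owner's put while the child exists and is freed only after the child releases it. */
int run_master_child_scenario(void)
{
    destroyed_count = 0;
    struct conntrack_model *master = model_new(1, NULL);
    struct conntrack_model *child = model_new(2, master);
    model_put(&master->ct_general);            /* owner lets go: use 2 -> 1, master stays */
    int alive_after_owner_put = (destroyed_count == 0);
    model_put(&child->ct_general);             /* child dies and releases the master */
    return alive_after_owner_put && destroyed_count == 2 && last_destroyed_id == 1;
}
```

The point the scenario makes is that the master is not deleted directly by anyone; it goes away only when the last object holding a reference to it (here the child) is destroyed.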