switcher wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> Misconception: The connection tracking is a kernel module. libipq is
>> a userspace library. You can't invoke such functions from userspace.
> Errr...
> So, do you know another technique that I can use to do so in userspace?
> I could maintain a connection state table in userspace but I think it's
> a waste of time to redo netfilter's job...
Well, it depends on what you want to do. Anyway, you may also use
libnetfilter_conntrack to listen to conntrack events. BTW, libipq has
been superseded by libnetfilter_queue and the NFQUEUE target.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
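
The reply above points at consuming conntrack events in userspace instead of re-implementing connection tracking. The following is an added example, not part of the original thread and not netfilter project code: it assumes the `conntrack -E` command from conntrack-tools (which is built on libnetfilter_conntrack) rather than the C library itself, and folds its event lines into a userspace table. The sample events are constructed and use documentation addresses.

```python
import re
import sys

# Constructed sample of `conntrack -E` output (not captured traffic).
SAMPLE_EVENTS = """\
    [NEW] tcp      6 120 SYN_SENT src=192.0.2.10 dst=198.51.100.7 sport=51234 dport=443 [UNREPLIED] src=198.51.100.7 dst=192.0.2.10 sport=443 dport=51234
 [UPDATE] tcp      6 60 SYN_RECV src=192.0.2.10 dst=198.51.100.7 sport=51234 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=51234
 [UPDATE] tcp      6 432000 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51234 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=51234 [ASSURED]
    [NEW] udp      17 30 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000
[DESTROY] udp      17 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000
"""

EVENT_RE = re.compile(r"^\s*\[(NEW|UPDATE|DESTROY)\]\s+(\w+)\s+\d+\s+(.*)$")
KV_RE = re.compile(r"(src|dst|sport|dport)=(\S+)")

def parse_event(line):
    """Return (event kind, original-direction flow key, state or None)."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    kind, proto, rest = m.groups()
    # Before the first src= come an optional timeout and an optional state.
    head = rest.split("src=", 1)[0].split()
    state = next((t for t in head if not t.isdigit()), None)
    tup = {}
    for k, v in KV_RE.findall(rest):
        if k in tup:
            break  # a repeated key means the reply-direction tuple starts
        tup[k] = v
    if "src" not in tup or "dst" not in tup:
        return None
    key = (proto, tup["src"], tup.get("sport"), tup["dst"], tup.get("dport"))
    return kind, key, state

def track(lines, table=None):
    """Apply events in order; the kernel stays the source of truth."""
    table = {} if table is None else table
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip anything that is not an event line
        kind, key, state = ev
        if kind == "DESTROY":
            table.pop(key, None)
        else:
            table[key] = state or table.get(key) or kind
    return table

if __name__ == "__main__":
    # With no piped input, run on the constructed sample.
    src = SAMPLE_EVENTS.splitlines() if sys.stdin.isatty() else sys.stdin
    print(track(src))
```

On a live system the input would come from `conntrack -E` piped into the script, which needs the privileges that command requires.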