Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
switcher wrote:
Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
Misconception: The connection tracking is a kernel module. libipq
is a userspace library. You can't invoke such functions from
userspace.
Errr...
So, do you know another technique that I can use to do so in userspace?
I could maintain a connection state table in userspace but I think
it's a waste of time to redo netfilter's job...
Well, it depends on what you want to do. Anyway, you may also use
libnetfilter_conntrack to listen to conntrack events. BTW, libipq has
been superseded by libnetfilter_queue and the NFQUEUE target.
Alright, I'm reading libnetfilter_conntrack utils right now, but it
sounds like you forgot to add some comments :p
I want to check if an incoming packet is part of an active (tcp & udp)
connection. Which util should I follow?
Thanks,
julien
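
Added example, not part of the original thread and not code from the netfilter project: one way to answer "is this packet part of an active TCP or UDP connection" from userspace by matching the packet's 5-tuple against the kernel's own conntrack table instead of keeping a second state table. It parses entries in the `/proc/net/nf_conntrack` text layout rather than calling libnetfilter_conntrack, so it runs without the library. The names `Flow`, `parse_entry` and `is_active`, the sample table, and the definition of "active" (TCP in ESTABLISHED, UDP not flagged UNREPLIED) are assumptions made for this example.

```python
import re
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample in /proc/net/nf_conntrack layout (not captured from a real host).
SAMPLE_TABLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51514 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 57 TIME_WAIT src=192.0.2.10 dst=198.51.100.7 sport=51400 dport=80 src=198.51.100.7 dst=192.0.2.10 sport=80 dport=51400 [ASSURED] mark=0 use=2
ipv4     2 udp      17 170 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 12 src=192.0.2.10 dst=198.51.100.99 sport=40001 dport=123 [UNREPLIED] src=198.51.100.99 dst=192.0.2.10 sport=123 dport=40001 mark=0 use=2
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_entry(line):
    """Return (original, reply, tcp_state, flags), or None if not a TCP/UDP entry."""
    fields = line.split()
    if len(fields) < 5 or fields[2] not in ("tcp", "udp"):
        return None
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:  # every entry carries an original and a reply tuple
        return None
    proto = fields[2]
    orig, reply = (Flow(proto, s, int(sp), d, int(dp)) for s, d, sp, dp in tuples)
    state = fields[5] if proto == "tcp" else None  # UDP entries have no state column
    flags = set(re.findall(r"\[(\w+)\]", line))
    return orig, reply, state, flags

def is_active(packet, table_text):
    """True if packet matches either direction of a tracked flow that has seen replies."""
    for line in table_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        orig, reply, state, flags = entry
        if packet not in (orig, reply):
            continue
        if "UNREPLIED" in flags:  # only one direction seen so far
            return False
        # Assumption: "active" means ESTABLISHED for TCP, any replied-to flow for UDP.
        return state == "ESTABLISHED" if packet.proto == "tcp" else True
    return False
```

On a live host the same function can be fed the contents of `/proc/net/nf_conntrack`, which needs root and the conntrack module loaded.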