Hi,

On Tuesday, 27 April 2010 at 20:11 +0200, Pablo Neira Ayuso wrote:
> Morgon J. Kanter wrote:
> > Hi,
> >
> > I'm developing an application that uses libnetfilter_conntrack to note when
> > connections start and end as part of what it does. So far what I've been able to do
> > just fine is use nfct_filter with nfct_catch and have a function called
> > whenever the appropriately filtered conntrack events happen. This works well,
> > but my program doesn't *just* look for conntrack events and act on them. To
> > keep it single-threaded what I'd like to do is just be able to poll for
> > conntrack events, with poll() or select() or whatever.
>
> IIRC, you can use nfct_fd() to get the netlink file descriptor.
>
> > What I attempted was extracting the netlink fd with the filter applied, and
> > running select() on a set containing just that, and then using nfct_query().
>
> nfct_query() is not of any use to listen to events.
>
> > This didn't work at all though -- when filtered conntrack events do happen,
> > apparently nothing is pushed down that file descriptor. Is there any way to do
> > what I want? I didn't see anything that was using this sort of functionality
> > in the utils directory.
>
> You can look at the conntrack-tools, specifically conntrackd, it does
> more or less what you seem to need.

Or have a look at the ulogd2 NFCT input plugin. By the way, ulogd2 may be a good
starting point for your application... See the following URL for the code:

http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=blob;f=input/flow/ulogd_inpflow_NFCT.c

BR,
-- 
Éric Leblond, eleblond@xxxxxxxxxxxx
Phone: +33 1 40 24 65 04, Fax: +33 9 57 21 48 75
EdenWall, http://www.edenwall.com