On 14/10/10 00:56, Jan Engelhardt wrote:
>
> On Thursday 2010-10-14 00:18, Mr Dash Four wrote:
>>>> Is it possible to use event-driven connection tracking - with conntrack-utils
>>>> or by other means?
>>>> Ideally, what I would like to do is 'register' a handler for particular
>>>> connection events (when new connection is established and then closed for
>>>> example) based on particular pre-defined filter (say, by protocol,
>>>> source/destination ip etc) and execute a program code/function (if done
>>>> programmatically) or a script (if done outside the connection-tracking
>>>> domain)
>>>> to do what I want?
>>>
>>> conntrack -Ee NEW,DESTROY
>>>
>>> would list you the specified events as they happen. Combined with a script
>>> that reacts when a new line is outputted by conntrack should
>>> do the trick.
>>>
>> That's not what I am after!
>>
>> If I want to poll a text output every-so-often I can use /proc/net/nf_conntrack
>
> -E is event driven. (That's why it's got the "E".)

Indeed, if you're looking for a tool to listen to event-driven conntrack
notifications, then what Jan suggests is the correct approach. If you want to
make your own handling application, you can use libnetfilter_conntrack. For
logging, you can use ulogd2.
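
The script side of the `conntrack -E` approach discussed above, as an added example that is not part of the original thread: handlers are registered with a filter (event type, protocol, destination network, destination port) and fire as event lines arrive. `Dispatcher` and `parse_event` are hypothetical names, and the sample lines are constructed in the style of `conntrack -E` output.

```python
import ipaddress
import re

# Constructed sample lines, laid out like the output of `conntrack -E -e NEW,DESTROY`.
SAMPLE = """\
    [NEW] tcp      6 120 SYN_SENT src=192.168.1.10 dst=203.0.113.5 sport=51514 dport=22 [UNREPLIED] src=203.0.113.5 dst=192.168.1.10 sport=22 dport=51514
    [NEW] udp      17 30 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000
[DESTROY] tcp      6 src=192.168.1.10 dst=203.0.113.5 sport=51514 dport=22 src=203.0.113.5 dst=192.168.1.10 sport=22 dport=51514 [ASSURED]
""".splitlines()

EVENT_RE = re.compile(r"^\s*\[(\w+)\]\s+(\w+)\s+\d+")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return a dict for one event line, or None if the line is not an event."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = {"event": m.group(1), "proto": m.group(2)}
    # Keys repeat for the reply direction; setdefault keeps the original tuple.
    for key, value in KV_RE.findall(line):
        ev.setdefault(key, value)
    return ev

class Dispatcher:
    """Hypothetical registry: handlers fire on events that match their filter."""
    def __init__(self):
        self.rules = []

    def register(self, handler, events, proto=None, dst_net=None, dport=None):
        net = ipaddress.ip_network(dst_net) if dst_net else None
        port = str(dport) if dport is not None else None
        self.rules.append((set(events), proto, net, port, handler))

    def feed(self, lines):
        """Run handlers over an iterable of lines; return how many fired."""
        fired = 0
        for ev in filter(None, map(parse_event, lines)):
            dst = ipaddress.ip_address(ev.get("dst", "0.0.0.0"))
            for events, proto, net, port, handler in self.rules:
                if (ev["event"] in events and proto in (None, ev["proto"])
                        and (net is None or dst in net)
                        and port in (None, ev.get("dport"))):
                    handler(ev)
                    fired += 1
        return fired

if __name__ == "__main__":
    d = Dispatcher()
    d.register(print, {"NEW", "DESTROY"}, proto="tcp", dst_net="203.0.113.0/24", dport=22)
    d.feed(SAMPLE)  # for live events, pipe conntrack in and call d.feed(sys.stdin)
```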