On Thu, 19 Aug 2021 at 12:16, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> Better to stick to use nflog_nlmsg_parser(), my suggestion is:
>
> #1 msg_cb() provides struct nfgenmsg *nfmsg, you could retrieve the nlmsg
>    from there since the nlmsghdr comes before nfgenmsg:
>
>         struct nlmsghdr *nlh;
>
>         nlh = (struct nlmsghdr *)((void *)nfg - sizeof(*nlh));
>
>         err = nflog_nlmsg_parse(nlh, attrs);
>         if (err < 0)
>                 ... error path
>
> #2 once you have access to attrs[NFULA_CT], from there on:
>
>         struct nf_conntrack *ct;
>
>         ct = nfct_new();
>         if (!ct)
>                 ... error path
>
>         err = nfct_nlmsg_parse(nlh, ct);
>         if (err < 0)
>                 ... error path
>
> Then, you get the pointer to conntrack object.

Great, your suggestions work perfectly. Thank you. A little later I will post the complete code for everyone.

Could it be useful to prepare a patch to add this to ulogd2? As a new input plugin or as an upgrade to inppkt_UFLOG?