On Thu, Aug 19, 2021 at 04:05:41PM +0200, Blažej Krajňák wrote: > št 19. 8. 2021 o 12:16 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> napísal(a): > > > > Better to stick to use nflog_nlmsg_parser(), my suggestion is: > > > > #1 msg_cb() provides struct nfgenmsg *nfmsg, you could retrieve the nlmsg > > from there since the nlmsghdr comes before nfgenmsg: > > > > struct nlmsghdr *nlh; > > > > nlh = (struct nlmsghdr *)((void *)nfg - sizeof(*nlh)); > > > > err = nflog_nlmsg_parse(nlh, attrs); > > if (err < 0) > > ... error path > > > > #2 once you have access to attrs[NFULA_CT], from there on: > > > > struct nf_conntrack *ct; > > > > ct = nfct_new(); > > if (!ct) > > ... error path > > > > err = nfct_nlmsg_parse(nlh, ct); > > if (err < 0) > > ... error path > > > > Then, you get the pointer to conntrack object. > > Great, your suggestions perfectly work. Thank you. > Little later I will post complete code to everyone. Thanks. > Could it be useful to prepare patch to add this to ulogd2? I think so, yes. > As new input plugin or as a upgrade to inppkt_UFLOG? Better if you integrate it into the existing plugin. Please, go ahead post it for review, it might just need a few iterations before it gets merged into master. Thanks.
