'Re: [PATCH] ct-event API port to 2.6.11'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: [PATCH] ct-event API port to 2.6.11
From:       Amin Azez <azez () ufomechanic ! net>
Date:       2005-04-08 15:07:27
Message-ID: 42569E2F.3070802 () ufomechanic ! net
[Download RAW message or body]

The procedure I outline below is not complete;

I found that I can't set CONFIG_NETFILTER_NETLINK in the config file using
make xconfig (which I use to sanity check .config done by hand)

beause of this, IP_NF_CONNTRACK_NETLINK cannot be set, and so 
ip_conntrack_netlink.c is never compiled.

CONFIG_NETFILTER_NETLINK is available from 
linux-2.6.11.6/net/netfilter/Kconfig (as opposed to ipv4/netfilter/Kconfig)

For some reason it has spaces instead of tabs in it (most Kconfig have 
tabs) but even if I fix this I still can't get NETFILTER_NETLINK to show 
in the gui kernel config tools, which indicates something is wrong.

Amin

Pablo Neira wrote:
> Amin Azez wrote:
> 
>> Thanks for the patches Pablo, they seemed to do the trick.
>> ctnl_del_conntrack has been expanded to 3 args, should I be using 
>> CTA_UNSPEC or CTA_ORIG or CTA_STATUS as the 3rd arg on line 118 of 
>> ctnltest.c?
> 
> 
> +int ctnl_del_conntrack(struct ctnl_handle *cth,
> +                      struct ip_conntrack_tuple *tuple,
> +                      enum ctattr_type_t t)
> 
> The 3rd arguments says if you're referring to CTA_ORIG or CTA_RPLY. So 
> you can kill conntracks based on the direction.
> 
> This stuff is under development so nobody can't assure that the API will 
> change in future.
> 
>> ctnl_del_conntrack(cth, NFA_DATA(cb[CTA_ORIG]),XXXXX);
>>
>> For the record, to help those who follow, to get libctnetlink and 
>> libnfnetlink working, here are the instructions.
>>
>> 1) unpack the pristine kernel sources of 2.6.11
>> 2) apply pablos patches from 
>> http://people.netfilter.org/pablo/patches/nfnetlink-conntrack-0.50-2.6.11/ 
>>
>> 3) build and install your kernel & modules with all the right NF 
>> options enabled
>> 4) unpack a recent libctnetlink from 
>> ftp://ftp.netfilter.org/pub/libctnetlink/snapshot/
>> 5) run:
>>   automake-1.4
>>   autoconf
>> 6) unpack a recent libnfnetlink from 
>> ftp://ftp.netfilter.org/pub/libnfnetlink/snapshot/
>> make a symlink from libnfnetlink-2005xxxx to libnfnetlink so that 
>> libctnetlink can find it
>> 7) run:
>>   automake-1.4
>>   autoconf
>> 8) inside the libctnetlink dir
>> ./configure
>> make
>> make install
>> 9) inside the libnfnetlink dir
>> ./configure
>> make
>> make install
> 
> 
> Thanks, people surely would appreciate this to save time.
> 
>> Attached is my candidate patch for ctnltest.c which can be compiled with:
> 
> 
> fix ctnl_del_conntrack, CTA_UNSPEC isn't ok as 3rd param.
> 
> -- 
> Pablo
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic