[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: switch from ip_conntrack to nf_conntrack
From:       Henrik Nordstrom <henrik () henriknordstrom ! net>
Date:       2007-02-22 23:54:21
Message-ID: 1172188461.544.63.camel () henriknordstrom ! net
[Download RAW message or body]


ons 2007-02-21 klockan 08:58 +0100 skrev Thomas Mader:
> Hello everybody,
>=20
> we wrote a kernelspace module which uses the now deprecated
> ip_conntrack API and we are trying to switch to the new nf_conntrack
> but this seems to be a little bit more problematic than we thought
> first.
> What we want is to build a nf_conntrack_tuple to get the hash for an
> existing connection and finally the id of the connection.

Looking at your code I don't quite get why you need to build the tuple
again or ask for the conntrack hash lookup. Isn't you looking for the
conntrack associated with the packet sent to the match function? If so
just ask for it with nf_ct_get() as it's already associated with the
sk_buff and no need to look it up in the conntrack hash. To keep a
reference outside the match function scope use
nf_conntrack_get/nf_conntrack_put to maintain the lock count. While you
are inside the match function the conntrack is locked by the sk_buff.

Regards
Henrik

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]