[personal profile] gdt

It all looks so easy, fill in a structure of the packets you want to see:

memset(&helper, 0, sizeof(struct nf_conntrack_helper));
/* Information about this conntrack module. */
helper.name = "skinny";
helper.me = THIS_MODULE;
helper.help = skinny_conntrack_helper;
helper.max_expected = 1;
helper.timeout = 0;
/* Send all Skinny packets to this conntrack module. */
helper.tuple.src.l3num = AF_INET;
helper.tuple.dst.protonum = IPPROTO_TCP;
helper.tuple.dst.u.tcp.port = htons(2000);

and then kick it off

ret = nf_conntrack_helper_register(&helper);

Now skinny_conntrack_helper() should be called for each TCP packet on port 2000. But it's not, it's called for almost anything but. The registration comes with a mask option, so I use that too, even though little of the kernel conntrack modules use masks (if so, how do they work? Do they work?)

helper.mask.dst.protonum = 0xff;
helper.mask.src.l3num = 0xffff;
helper.mask.dst.u.tcp.port = __constant_htons(0xffff);

No difference. Sigh. I'd love some up-to-date documentation at this point. But that appears to be too much to hope for. "Use the code Luke" is just confusion, since practice there seems contradictory. And I've wasted a whole evening over this, sigh.

From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User (will be screened)
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

Glen Turner

July 2017

S M T W T F S
      1
2345678
9 101112131415
16171819202122
23242526272829
3031     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated 2017-08-22 20:47
Powered by Dreamwidth Studios