One of the greatest political writers in the country has been writing for his local newspaper. Political corrections. He's never been very impressed by John Howard, treasurer or prime minister. Nor Peter Costello:

But if Howard was wrong about most things, he at least got Peter Costello right.

For eleven years the man sat there drooling, lusting after the leadership of his party, talking up a storm to his credulous colleagues, plotting with sycophants, sending out his dwarfish messenger Glenn Milne to relate improbable stories of his talent and support. He never actually had the guts to do anything about it, but by golly he let it be known that when the opportunity came, he would show us all.

And when his party was not only ready to offer him the prize, was indeed in real need of his services, Costello spat the dummy right out of the ground. Prime Minister, with all the trappings of office and all the resources of government, would be just fine; but leader of the opposition, the challenge Kevin Rudd took on at precisely Costello’s age before sweeping to victory in less than a year, looked just a little too much like hard work. Poor Petey-pie, too old at fifty, too lazy at any time.

Mungo's skill is to take what we all know, but to write it out so clearly that it seems new.

It all looks so easy, fill in a structure of the packets you want to see:

memset(&helper, 0, sizeof(struct nf_conntrack_helper));
/* Information about this conntrack module. */
helper.name = "skinny";
helper.me = THIS_MODULE;
helper.help = skinny_conntrack_helper;
helper.max_expected = 1;
helper.timeout = 0;
/* Send all Skinny packets to this conntrack module. */
helper.tuple.src.l3num = AF_INET;
helper.tuple.dst.protonum = IPPROTO_TCP;
helper.tuple.dst.u.tcp.port = htons(2000);

and then kick it off

ret = nf_conntrack_helper_register(&helper);

Now skinny_conntrack_helper() should be called for each TCP packet on port 2000. But it's not, it's called for almost anything but. The registration comes with a mask option, so I use that too, even though few of the kernel conntrack modules use masks (if so, how do they work? Do they work?)

helper.mask.dst.protonum = 0xff;
helper.mask.src.l3num = 0xffff;
helper.mask.dst.u.tcp.port = __constant_htons(0xffff);

No difference. Sigh. I'd love some up-to-date documentation at this point. But that appears to be too much to hope for. "Use the code Luke" is just confusion, since practice there seems contradictory. And I've wasted a whole evening over this, sigh.


Glen Turner
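
An added illustration, not code from the post or from the kernel: a user-space model of masked tuple matching, in which a field is compared only where its mask bits are set. The model_* names and the reduced three-field tuple are assumptions made for the example; in this model an all-zero mask, as memset() leaves it, lets every packet match.

```c
#include <stdio.h>
#include <stdint.h>
#include <sys/socket.h>   /* AF_INET */
#include <netinet/in.h>   /* IPPROTO_TCP, IPPROTO_UDP */
#include <arpa/inet.h>    /* htons */

/* Hypothetical, reduced tuple: only the three fields the post fills in. */
struct model_tuple {
    uint16_t l3num;     /* address family */
    uint8_t  protonum;  /* layer 4 protocol */
    uint16_t dport;     /* destination port, network byte order */
};

/* Masked comparison: a field takes part only where its mask bits are 1. */
static int model_match(const struct model_tuple *pkt,
                       const struct model_tuple *want,
                       const struct model_tuple *mask)
{
    return !(((pkt->l3num ^ want->l3num) & mask->l3num) ||
             ((pkt->protonum ^ want->protonum) & mask->protonum) ||
             ((pkt->dport ^ want->dport) & mask->dport));
}

/* 1 if a constructed IPv4 packet (proto, port) selects the TCP/2000 entry. */
int model_selects(uint8_t proto, uint16_t port, int use_full_mask)
{
    struct model_tuple want = { AF_INET, IPPROTO_TCP, htons(2000) };
    struct model_tuple pkt  = { AF_INET, proto, htons(port) };
    struct model_tuple mask = { 0, 0, 0 };  /* all-zero: nothing is compared */

    if (use_full_mask) {
        mask.l3num = 0xffff;
        mask.protonum = 0xff;
        mask.dport = htons(0xffff);
    }
    return model_match(&pkt, &want, &mask);
}

int main(void)
{
    /* Constructed sample packets: Skinny, HTTP, DNS. */
    printf("zero mask: tcp/2000=%d tcp/80=%d udp/53=%d\n",
           model_selects(IPPROTO_TCP, 2000, 0),
           model_selects(IPPROTO_TCP, 80, 0), model_selects(IPPROTO_UDP, 53, 0));
    printf("full mask: tcp/2000=%d tcp/80=%d udp/53=%d\n",
           model_selects(IPPROTO_TCP, 2000, 1),
           model_selects(IPPROTO_TCP, 80, 1), model_selects(IPPROTO_UDP, 53, 1));
    return 0;
}
```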
