Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.development.apps > #384

connection tracking accounting design glitch

Show key headers only | View raw

The kernel loads nfnetlink sub-protocol modules upon reception of the
first message for a particular sub-protocol. An application listening
for connection tracking accounting events via libnetfilter_conntrack
(tested with 0.9.1) usually doesn't ever send anything to the kernel
and this implies that such an application won't ever receive
connection tracking accounting events except if the
nf_conntrack_netlink module either was already loaded or gets loaded
as side effect of operations performed by some other application, eg,
by manually executing a conntrack -L.

It is possible to work around this by sending some nonsense message to
the kernel and thus causing the module to be loaded before starting to
listen for accounting events. Below is some example (GPL) code which actually
does this.

----------------------------
static void force_module_load(struct nfct_handle *h)
{
    /*
      The kernel loads nfnetlink sub protocol modules upon
      receipt of a message of the corresponding type. In order
      to receive CTACCT messages, it is therefore necessary
      to send something to the kernel which triggers loading
      of the nf_conntrack_netlink module.
    */
    struct nf_conntrack *nfct;
    int rc;

    nfct = nfct_new();
    nfct || sys_die(__func__, "nfct_new", errno);

    nfct_set_attr_u8(nfct, ATTR_L3PROTO, AF_INET);
    
    rc = nfct_query(h, NFCT_Q_CREATE, nfct);
    if (rc == -1 && errno != EINVAL) sys_die(__func__, "nfct_query", errno); /* EINVAL expected */

    nfct_destroy(nfct);
}

Back to comp.os.linux.development.apps | Previous | Next | Find similar

Thread

connection tracking accounting design glitch Rainer Weikusat <rweikusat@mssgmbh.com> - 2012-01-10 16:16 +0000

csiph-web