conntrack mark question

Stijn Souffriau stijn.souffriau at essensium.com
Tue Sep 20 10:17:49 EDT 2011


On 09/20/2011 03:23 PM, Thomas Graf wrote:
> On Mon, Sep 19, 2011 at 11:47:26PM +0200, Stijn Souffriau wrote:
>> Hello all,
>>
>> I would like to change the conntrack mark of a connection using
>> libnl. I have managed to query and delete connections using the
>> *nfnl_ct_query* and *nfnl_ct_del* functions but I haven't succeeded
>> yet in modifying a connection. I believe that *nfnl_ct_add* would
>> allow me to do this but despite returning NLE_SUCCESS I see no
>> change in the mark.
>>
>> Some of my code:
>> ...
>> nfnl_ct_set_family ( ct_object, AF_INET ); // IPv4
>> nfnl_ct_set_proto ( ct_object, 6 ); // TCP
>> nfnl_ct_set_src ( ct_object, 0, src_addr );
>> nfnl_ct_set_dst ( ct_object, 0, dest_addr );
>> nfnl_ct_set_src_port( ct_object, 0, src_port );
>> nfnl_ct_set_dst_port( ct_object, 0, dst_port );
>> nfnl_ct_set_mark( ct_object, mark );
>> nfnl_ct_add(nfnl_conntrack_sock, ct_object, NLM_F_REQUEST|NLM_F_ACK);
>> ...
>>
>> Note that if I use these attributes, except for the mark, in a query
>> then I receive the connection whose mark I meant to change.
> Can you run your program with NLCB=debug ./program and post the output?

I've attached the debug output. Hopefully you understand it better than me.
Two operations are done:
1) nfnl_ct_add: to mark the connection
2) nfnl_ct_query: to get the connection object (this returns the UNmarked connection)


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: libnl.debug
URL: <http://lists.infradead.org/pipermail/libnl/attachments/20110920/c639b620/attachment.ksh>

