iptables: tcp conntrack logging


I want to write an extended logging of TCP-Connections: iptables -A

LOGTCP should just be a copy of ipt_LOG.c:

/* --------copy------------
static void dump_packet(const struct ipt_log_info *info, const struct
sk_buff *skb, unsigned int iphoff)
struct tcphdr _tcph, *th;

/* Max length: 10 "PROTO=TCP " */
printk("PROTO=TCP ");
--------copy------------ /*

And here [*] I want to call some functions from tcp_conntrack:
printk("tcp_in_window, sender->td_end, sender->td_maxend,
sender->maxwin, receiver->td_end, receiver->td_maxend,

The problem: I just don't know how to access these values from there.
ip_conntrack_get gives me a pointer to nowhere. I looked through
several other modules, but didn't find the idea to get started.

Re: iptables: tcp conntrack logging

Thomas Kling wrote:

You might want to take that up on the netfilter list.
Recently, there have been several good discussions on logging.

Bear in mind that logging easily becomes too much of a performance
problem, since it'll be done through syslog.
Some have suggested using sniffers to catch unpleasantries. YMMV...

Kind regards,
Mogens Valentin
