switch from ip_conntrack to nf_conntrack

Hello everybody,

we wrote a kernelspace module which uses the now deprecated
ip_conntrack API and we are trying to switch to the new
nf_conntrack
but this seems to be a little bit more problematic than we
thought
first.
What we want is to build a nf_conntrack_tuple to get the
hash for an
existing connection and finally the id of the connection.
Everything worked fine with the old ip_conntrack stuff but
now we don't
get any matching tuples any more.
We also managed to find out that /proc/net/nf_conntrack only
has
entries when we load nf_conntrack_ipv4 before, but even if
we load it,
the problem is not solved by that.
Maybe someone can help us with this, I will attach the code
of our
module for better clarification.

thanks and best regards,
Thomas

ons 2007-02-21 klockan 08:58 +0100 skrev Thomas Mader:
> Hello everybody,
> 
> we wrote a kernelspace module which uses the now
deprecated
> ip_conntrack API and we are trying to switch to the new
nf_conntrack
> but this seems to be a little bit more problematic than
we thought
> first.
> What we want is to build a nf_conntrack_tuple to get
the hash for an
> existing connection and finally the id of the
connection.

Looking at your code I don't quite get why you need to build
the tuple
again or ask for the conntrack hash lookup. Isn't you
looking for the
conntrack associated with the packet sent to the match
function? If so
just ask for it with nf_ct_get() as it's already associated
with the
sk_buff and no need to look it up in the conntrack hash. To
keep a
reference outside the match function scope use
nf_conntrack_get/nf_conntrack_put to maintain the lock
count. While you
are inside the match function the conntrack is locked by the
sk_buff.

Regards
Henrik