Login or Register to Ask a Question and Join Our Community


Programming

Problem in registering new netfilter target module

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Programming Problem in registering new netfilter target module
# 1  
Old 11-09-2005
Problem in registering new netfilter target module
Friends I'm facing a big problem trying to extend the netfilter. Somone please help me with your quick reply (any hint) as I've to meet a deadline.

My problem is that I've written a new netfilter target module and its corresponding userspace program for iptables to change the packet type of a packet. I compiled the iptables and kernel without any error and installed this new kernel (with newly compiled parameters) in my boot partition.

Next when I booted into this kernel and tried using this target it gives error "invalid argument" which I think is coming because the target module is not geting loaded (as on failure it returns EINVAL).

Now can anyone tell me what may b the problem.
I think I can summarise my problem as what can b pozbl. reasons for which any kernel module not get registered.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Problem with ssh on target server.

ssh works from source server srcuser@10.8.44.13 to all other target servers except one which is target server trguser@10.8.44.43 On target the <trguser-home>/.ssh folder is set to permission 700 and authorized_keys file is set to permissions 600 cksum for id_rsa.pub on source 10.8.44.13 and... (8 Replies)
Discussion started by: mohtashims
8 Replies

2. HP-UX

After adding new iscsi target port, still the session state of that target port is showing offline

Hi, I wanted to configure new iscsi port on HPUX system, i added the target port address and configured it, once done, went to array side and searched for that host iqn number , but was nt able to find the same, came to host, then when i ran "iscsiutil -pVS" command it gave me below result ... (0 Replies)
Discussion started by: Vinay Kumar D
0 Replies

3. Red Hat

Problem registering a new system

Hi, A registered a new system the other day using the subscription-manager (RedHat ES6, Academic edition) but it's not showing up on the web site so that I can entitle it and get updates, etc. Any ideas? ~ Rob (1 Reply)
Discussion started by: caspersgrin
1 Replies

4. UNIX for Advanced & Expert Users

Problem loading cpufreq module

I'd like to install cpufreq modules on my server . I tried sudo modprobe acpi-cpufreq but got the error FATAL: Error inserting acpi_cpufreq (/lib/modules/2.6.18-238.12.1.el5xen/kernel/arch/x86_64/kernel/cpufreq/acpi-cpufreq.ko): No such device cat /proc/cpuinfo gives this ... (11 Replies)
Discussion started by: vishwamitra
11 Replies

5. UNIX for Advanced & Expert Users

problem with netfilter hook function struct skbuff *sock is null..

iam trying to built a firewall.so i have used netfilter for it. in function main_hook sock_buff is returning null and in my log file continuously "sock buff null" is printed plse help to solve this problem.. (using print_string iam printing strings on current terminal (terminal we ping)) ... (1 Reply)
Discussion started by: pavan6754
1 Replies

6. UNIX for Advanced & Expert Users

Kernel module compilation problem

I have one big module 2.6.18 kernel mod.c I want to divide this to several files. The problem is to write right Makefile lib1.h lib1.c mod.c mod.c works fine normally but when I divide into several files and try to compile with this makefile obj-m := mod.o mod-objs := lib1.o ... (3 Replies)
Discussion started by: marcintom
3 Replies

7. Shell Programming and Scripting

Compatibility problem of Tk Module in different versions

Hi, I am using Tk module in perl 5.6 and it is working fine. Now when i installed the newer version 5.10.0 then getting error that Tk module not found. But i will have to work on this newer verison only to use some other modules of perl. I want to know why Tk module is not working in newer... (6 Replies)
Discussion started by: kunal_dixit
6 Replies

8. Red Hat

Problem with kernel-module-ntfs

Hi All Im trying to access the my windows XP NTFS from Redhat linux 4.0 Enterprise edition I have downloaded the respective rpm And im able to install it successfully Then i have given the following command , but got an error Here are my partitions And when i give the below... (1 Reply)
Discussion started by: balumankala
1 Replies

9. Programming

Basic multi module problem

I am trying to learn how to use multiple modules and hearder files. I have tried a little experiment but cannot get it to work. Here is my code and compilation attempt. Any help with finding my problems appreciated. The main function (main01.c) calls a function located in another file... (9 Replies)
Discussion started by: enuenu
9 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

conntrack

CONNTRACK(8)															      CONNTRACK(8)

NAME

       conntrack - command line interface for netfilter connection tracking

SYNOPSIS

       conntrack -L [table] [options] [-z]
       conntrack -G [table] parameters
       conntrack -D [table] parameters
       conntrack -I [table] parameters
       conntrack -U [table] parameters
       conntrack -E [table] [options]
       conntrack -F [table]
       conntrack -C [table]
       conntrack -S

DESCRIPTION

       conntrack  provides  a  full  featured  userspace interface to the netfilter connection tracking system that is intended to replace the old
       /proc/net/ip_conntrack interface. This tool can be used to search, list, inspect and maintain the  connection  tracking	subsystem  of  the
       Linux  kernel.  Using conntrack , you can dump a list of all (or a filtered selection of) currently tracked connections, delete connections
       from the state table, and even add new ones.

       In addition, you can also monitor connection tracking events, e.g. show an event message (one line) per newly established connection.

TABLES

       The connection tracking subsystem maintains two internal tables:

       conntrack:
	      This is the default table.  It contains a list of all currently tracked connections through the system.  If you don't use connection
	      tracking exemptions (NOTRACK iptables target), this means all connections that go through the system.

       expect:
	      This  is	the  table  of	expectations.	Connection tracking expectations are the mechanism used to "expect" RELATED connections to
	      existing ones.  Expectations are generally used by "connection  tracking	helpers"  (sometimes  called  application  level  gateways
	      [ALGs]) for more complex protocols such as FTP, SIP, H.323.

OPTIONS

       The options recognized by conntrack can be divided into several different groups.

   COMMANDS
       These options specify the particular operation to perform.  Only one of them can be specified at any given time.

       -L --dump
	      List connection tracking or expectation table

       -G, --get
	      Search for and show a particular (matching) entry in the given table.

       -D, --delete
	      Delete an entry from the given table.

       -I, --create
	      Create a new entry from the given table.

       -U, --update
	      Update an entry from the given table.

       -E, --event
	      Display a real-time event log.

       -F, --flush
	      Flush the whole given table

       -C, --count
	      Show the table counter.

       -S, --stats
	      Show the in-kernel connection tracking system statistics.

   PARAMETERS
       -z, --zero
	      Atomically zero counters after reading them.  This option is only valid in combination with the "-L, --dump" command options.

       -o, --output [extended,xml,timestamp,id,ktimestamp]
	      Display output in a certain format. With the extended output option, this tool displays the layer 3 information. With ktimestamp, it
	      displays the in-kernel timestamp available since 2.6.38 (you can enable it via echo 1  >	/proc/sys/net/netfilter/nf_conntrack_time-
	      stamp).

       -e, --event-mask [ALL|NEW|UPDATES|DESTROY][,...]
	      Set  the bitmask of events that are to be generated by the in-kernel ctnetlink event code.  Using this parameter, you can reduce the
	      event messages generated by the kernel to those types to those that you are actually interested in.  This option can only be used in
	      conjunction with "-E, --event".

       -b, --buffer-size value (in bytes)
	      Set  the	Netlink socket buffer size. This option is useful if the command line tool reports ENOBUFS errors. If you do not pass this
	      option, the default value available at /proc/sys/net/core/rmem_default is used. The tool reports this problem if your process is too
	      slow  to handle all the event messages or, in other words, if the amount of events are big enough to overrun the socket buffer. Note
	      that using a big buffer reduces the chances to hit ENOBUFS, however, this results in more memory consumption.  This option can  only
	      be used in conjunction with "-E, --event".

   FILTER PARAMETERS
       -s, --orig-src IP_ADDRESS
	      Match only entries whose source address in the original direction equals the one specified as argument.

       -d, --orig-dst IP_ADDRESS
	      Match only entries whose destination address in the original direction equals the one specified as argument.

       -r, --reply-src IP_ADDRESS
	      Match only entries whose source address in the reply direction equals the one specified as argument.

       -q, --reply-dst IP_ADDRESS
	      Match only entries whose destination address in the reply direction equals the one specified as argument.

       -p, --proto PROTO
	      Specify layer four (TCP, UDP, ...) protocol.

       -f, --family PROTO
	      Specify  layer  three  (ipv4,  ipv6)  protocol  This option is only required in conjunction with "-L, --dump". If this option is not
	      passed, the default layer 3 protocol will be IPv4.

       -t, --timeout TIMEOUT
	      Specify the timeout.

       -m, --mark MARK[/MASK]
	      Specify the conntrack mark.  Optionally, a mask value can be specified.  In "--update" mode,  this  mask	specifies  the	bits  that
	      should be zeroed before XORing the MARK value into the ctmark.  Otherwise, the mask is logically ANDed with the existing mark before
	      the comparision.	In "--create" mode, the mask is ignored.

       -c, --secmark SECMARK
	      Specify the conntrack selinux security mark.

       -u, --status [ASSURED|SEEN_REPLY|FIXED_TIMEOUT|EXPECTED|UNSET][,...]
	      Specify the conntrack status.

       -n, --src-nat
	      Filter source NAT connections.

       -g, --dst-nat
	      Filter destination NAT connections.

       -j, --any-nat
	      Filter any NAT connections.

       -w, --zone
	      Filter by conntrack zone. See iptables CT target for more information.

       --tuple-src IP_ADDRESS
	      Specify the tuple source address of an expectation.

       --tuple-dst IP_ADDRESS
	      Specify the tuple destination address of an expectation.

       --mask-src IP_ADDRESS
	      Specify the source address mask of an expectation.

       --mask-dst IP_ADDRESS
	      Specify the destination address mask of an expectation.

   PROTOCOL FILTER PARAMETERS
       TCP-specific fields:

       --sport, --orig-port-src PORT
	      Source port in original direction

       --dport, --orig-port-dst PORT
	      Destination port in original direction

       --reply-port-src PORT
	      Source port in reply direction

       --reply-port-dst PORT
	      Destination port in reply direction

       --state [NONE | SYN_SENT | SYN_RECV | ESTABLISHED | FIN_WAIT | CLOSE_WAIT | LAST_ACK | TIME_WAIT | CLOSE | LISTEN]
	      TCP state

       UDP-specific fields:

       --sport, --orig-port-src PORT
	      Source port in original direction

       --dport, --orig-port-dst PORT
	      Destination port in original direction

       --reply-port-src PORT
	      Source port in reply direction

       --reply-port-dst PORT
	      Destination port in reply direction

       ICMP-specific fields:

       --icmp-type TYPE
	      ICMP Type. Has to be specified numerically.

       --icmp-code CODE
	      ICMP Code. Has to be specified numerically.

       --icmp-id ID
	      ICMP Id. Has to be specified numerically (non-mandatory)

       UDPlite-specific fields:

       --sport, --orig-port-src PORT
	      Source port in original direction

       --dport, --orig-port-dst PORT
	      Destination port in original direction

       --reply-port-src PORT
	      Source port in reply direction

       --reply-port-dst PORT
	      Destination port in reply direction

       SCTP-specific fields:

       --sport, --orig-port-src PORT
	      Source port in original direction

       --dport, --orig-port-dst PORT
	      Destination port in original direction

       --reply-port-src PORT
	      Source port in reply direction

       --reply-port-dst PORT
	      Destination port in reply direction

       --state [NONE | CLOSED | COOKIE_WAIT | COOKIE_ECHOED | ESTABLISHED | SHUTDOWN_SENT | SHUTDOWN_RECD | SHUTDOWN_ACK_SENT]
	      SCTP state

       --orig-vtag value
	      Verification tag (32-bits value) in the original direction

       --reply-vtag value
	      Verification tag (32-bits value) in the reply direction

       DCCP-specific fields (needs Linux >= 2.6.30):

       --sport, --orig-port-src PORT
	      Source port in original direction

       --dport, --orig-port-dst PORT
	      Destination port in original direction

       --reply-port-src PORT
	      Source port in reply direction

       --reply-port-dst PORT
	      Destination port in reply direction

       --state [NONE | REQUEST | RESPOND | PARTOPEN | OPEN | CLOSEREQ | CLOSING | TIMEWAIT]
	      DCCP state --role [client | server] Role that the original conntrack tuple is tracking

       GRE-specific fields:

       --srckey, --orig-key-src KEY
	      Source key in original direction (in hexadecimal or decimal)

       --dstkey, --orig-key-dst KEY
	      Destination key in original direction (in hexadecimal or decimal)

       --reply-key-src KEY
	      Source key in reply direction (in hexadecimal or decimal)

       --reply-key-dst KEY
	      Destination key in reply direction (in hexadecimal or decimal)

       DIAGNOSTICS
	      The exit code is 0 for correct function.	Errors which appear to be caused by invalid command line parameters cause an exit code	of
	      2.  Any other errors cause an exit code of 1.

EXAMPLES

       conntrack -L
	      Show the connection tracking table in /proc/net/ip_conntrack format

       conntrack -L -o extended
	      Show the connection tracking table in /proc/net/nf_conntrack format

       conntrack -L -o xml
	      Show the connection tracking table in XML

       conntrack -L -f ipv6 -o extended
	      Only dump IPv6 connections in /proc/net/nf_conntrack format

       conntrack -L --src-nat
	      Show source NAT connections

       conntrack -E -o timestamp
	      Show connection events together with the timestamp

       conntrack -D -s 1.2.3.4
	      Delete all flow whose source address is 1.2.3.4

       conntrack -U -s 1.2.3.4 -m 1
	      Set connmark to 1 of all the flows whose source address is 1.2.3.4

BUGS

       Please, report them to netfilter-devel@vger.kernel.org or file a bug in Netfilter's bugzilla (https://bugzilla.netfilter.org).

SEE ALSO

       iptables(8)
       See http://conntrack-tools.netfilter.org

AUTHORS

       Jay  Schulist,  Patrick	McHardy,  Harald Welte and Pablo Neira Ayuso wrote the kernel-level "ctnetlink" interface that is used by the con-
       ntrack tool.

       Pablo Neira Ayuso wrote and maintain the conntrack tool, Harald Welte added support for conntrack based accounting counters.

       Man page written by Harald Welte <laforge@netfilter.org> and Pablo Neira Ayuso <pablo@netfilter.org>.

								    Jul 5, 2010 						      CONNTRACK(8)