/proc/net/ip_conntrack problem

I need to maintain a log of SNAT'd connections/disconnections
which contain the source/dest ip/port of the host before
SNAT'ing. As discussed on this list before, the POSTROUTING -j LOG
target doesn't provide this information, so I've written a crude
logger of my own.

This logger is a perl script which does the following:

Every second:

. Reads the content of /proc/net/ip_conntrack.

. Searches for entries in the ip_conntrack data which it
  doesn't have in its own list, adds them to its own
  list and logs a 'connect' for that entry.

. Searches for entries in its own list which no longer
  appear in the ip_conntrack data, removes them from
  its own list and logs a 'disconnect' for that entry.


This seems to work OK apart from one thing. From time
to time, the output from /proc/net/ip_conntrack seems
to get truncated. This means that I erroneously flag
all the missing items as 'disconnected', and then next
time I read ip_conntrack (this time without truncation)
all the previously missing entries reappear and then get
flagged as 'connected' again.
I can also experience the truncation if I repeatedly grep
for a known src= + dst= line in ip_conntrack. Occasionally
grep doesn't find it.

What happens if the ip_conntrack data is being updated
at the instant /proc/net/ip_conntrack is being read?
Is there the possibility of a race condition here which
might explain what I'm seeing? Any suggestions welcome.

Cheers,
Terry.
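A diff-based poller of the kind described in the post, added here as an example and not Terry's Perl script: it parses constructed ip_conntrack-style lines (keyed on the pre-NAT original tuple, with the reply tuple kept so the SNAT'd address is logged alongside it) and only reports a disconnect after an entry has been missing from two consecutive reads, so a single truncated read of /proc/net/ip_conntrack does not produce the disconnect/connect flap. The sample lines, the two-tuples-per-line parsing assumption and the miss threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed ip_conntrack-style lines (not captured from a real host);
# the first src=/dst= pair is the pre-NAT original tuple, the second the reply.
SNAPSHOT_FULL = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.7 sport=51234 dport=80 src=203.0.113.7 dst=198.51.100.2 sport=80 dport=51234 [ASSURED] use=1
udp      17 29 src=192.168.1.11 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 use=1
"""
# The same table read while the kernel was updating it: the second entry is missing.
SNAPSHOT_TRUNCATED = SNAPSHOT_FULL.splitlines(keepends=True)[0]

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_conntrack(text):
    """Return {(proto, src, dst, sport, dport): reply_tuple} for each parseable line."""
    table = {}
    for line in text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if len(tuples) == 2:            # original direction + reply direction
            proto = line.split()[0]
            table[(proto,) + tuples[0]] = tuples[1]
    return table

class ConntrackLogger:
    """Diff consecutive snapshots. A flow is reported as disconnected only after
    it has been absent from `misses` consecutive reads, so one truncated read
    does not cause a spurious disconnect followed by a spurious connect."""
    def __init__(self, misses=2):
        self.misses = misses
        self.known = {}         # original tuple -> reply tuple (post-SNAT side)
        self.absent = Counter() # consecutive reads in which a known flow was missing

    def update(self, snapshot_text):
        current = parse_conntrack(snapshot_text)
        events = []
        for key, reply in current.items():
            if key not in self.known:
                self.known[key] = reply
                events.append(("connect", key, reply))
            self.absent.pop(key, None)      # seen again: reset the miss counter
        for key in list(self.known):
            if key not in current:
                self.absent[key] += 1
                if self.absent[key] >= self.misses:
                    events.append(("disconnect", key, self.known.pop(key)))
                    del self.absent[key]
        return events
```

With `misses=1` the class behaves like the original once-a-second diff and reproduces the flap; the price of `misses=2` is that a genuine disconnect is reported one poll late.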


