ons 2007-02-21 klockan 08:58 +0100 skrev Thomas Mader:
> Hello everybody,
> 
> we wrote a kernelspace module which uses the now deprecated
> ip_conntrack API and we are trying to switch to the new nf_conntrack
> but this seems to be a little bit more problematic than we thought
> first.
> What we want is to build a nf_conntrack_tuple to get the hash for an
> existing connection and finally the id of the connection.

Looking at your code I don't quite get why you need to build the tuple
again or ask for the conntrack hash lookup. Isn't you looking for the
conntrack associated with the packet sent to the match function? If so
just ask for it with nf_ct_get() as it's already associated with the
sk_buff and no need to look it up in the conntrack hash. To keep a
reference outside the match function scope use
nf_conntrack_get/nf_conntrack_put to maintain the lock count. While you
are inside the match function the conntrack is locked by the sk_buff.

Regards
Henrik