From: Eddahbi Karim <installation_fault_association@yahoo.fr>
To: netfilter@lists.netfilter.org
Subject: Re: UDP connections and Conntrack...
Date: Wed, 07 Jan 2004 17:23:10 +0100
Message-ID: <1073492589.9732.16.camel@gamux>
In-Reply-To: <Pine.LNX.4.33.0401071254170.18324-100000@blackhole.kfki.hu>
On Wed 07/01/2004 at 12:57, Jozsef Kadlecsik wrote:
> On Wed, 7 Jan 2004, Eddahbi Karim wrote:
>
> > The connection state changes at the nat table of the PREROUTING chain and
> > at the nat table of the OUTPUT chain.
>
> False. Check the source code.

After checking the source code, I can see that the two principal hooks
are on these chains.

/* Connection tracking may drop packets, but never alters them, so
   make it the first hook. */
static struct nf_hook_ops ip_conntrack_in_ops = {
        .hook           = ip_conntrack_in,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
        .hooknum        = NF_IP_PRE_ROUTING,
        .priority       = NF_IP_PRI_CONNTRACK,
};

static struct nf_hook_ops ip_conntrack_local_out_ops = {
        .hook           = ip_conntrack_local,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
        .hooknum        = NF_IP_LOCAL_OUT,
        .priority       = NF_IP_PRI_CONNTRACK,
};

Now, I can't really bet these hooks are on the nat table, but conntrack
and nat are very related.

I got the information here:
http://iptables-tutorial.frozentux.net/chunkyhtml/statemachine.html

There's another explanation here:
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html

If I'm wrong, I want to have proof...

>
> > Btw Iptables for IPv6 doesn't have any conntrack for the moment ;-).
>
> There is experimental code which you can find in the mailing list
> archives. It's not in p-o-m yet.
>
Ok thanks :),
--
Eddahbi Karim
Phone :
(33) (0)6 61 30 57 77
France
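
A user-space model of the hook ordering the quoted source comment refers to ("make it the first hook"), added here as an example; it is not part of the original mail or of the kernel source. The hook points and numeric priorities follow the 2.4/2.6-era <linux/netfilter_ipv4.h>; the mangle, nat and filter entries and every model_* name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hook points and priorities as in the 2.4/2.6-era <linux/netfilter_ipv4.h>. */
enum { NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD, NF_IP_LOCAL_OUT,
       NF_IP_POST_ROUTING, NF_IP_NUMHOOKS };
enum { NF_IP_PRI_CONNTRACK = -200, NF_IP_PRI_MANGLE = -150,
       NF_IP_PRI_NAT_DST = -100, NF_IP_PRI_FILTER = 0 };

struct model_hook { const char *name; int priority; };   /* hypothetical */
#define MAX_HOOKS 8
static struct model_hook chain[NF_IP_NUMHOOKS][MAX_HOOKS];
static int chain_len[NF_IP_NUMHOOKS];

/* Insert in ascending priority order: the lowest value sees the packet first. */
static int model_register(const char *name, int hooknum, int priority)
{
    struct model_hook *c = chain[hooknum];
    int i = chain_len[hooknum];
    if (i == MAX_HOOKS) return -1;
    for (; i > 0 && c[i - 1].priority > priority; i--) c[i] = c[i - 1];
    c[i] = (struct model_hook){ name, priority };
    chain_len[hooknum]++;
    return 0;
}

/* Position (0 = first) at which a hook runs on a hook point, or -1. */
static int model_position(int hooknum, const char *name)
{
    for (int i = 0; i < chain_len[hooknum]; i++)
        if (strcmp(chain[hooknum][i].name, name) == 0) return i;
    return -1;
}

static void model_setup(void)   /* registered out of order on purpose */
{
    memset(chain_len, 0, sizeof chain_len);
    model_register("nat", NF_IP_PRE_ROUTING, NF_IP_PRI_NAT_DST);
    model_register("mangle", NF_IP_PRE_ROUTING, NF_IP_PRI_MANGLE);
    model_register("ip_conntrack_in", NF_IP_PRE_ROUTING, NF_IP_PRI_CONNTRACK);
    model_register("filter", NF_IP_LOCAL_OUT, NF_IP_PRI_FILTER);
    model_register("nat", NF_IP_LOCAL_OUT, NF_IP_PRI_NAT_DST);
    model_register("mangle", NF_IP_LOCAL_OUT, NF_IP_PRI_MANGLE);
    model_register("ip_conntrack_local", NF_IP_LOCAL_OUT, NF_IP_PRI_CONNTRACK);
}

int main(void)
{
    model_setup();
    for (int i = 0; i < chain_len[NF_IP_PRE_ROUTING]; i++)
        printf("PRE_ROUTING %d: %s\n", i, chain[NF_IP_PRE_ROUTING][i].name);
    return 0;
}
```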