From: Vijaya Chandra Vupputuri <vijay@tachyontech.net>
To: immidi@spymac.com
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: NAT question
Date: Wed, 30 Jun 2004 19:32:37 +0530
Message-ID: <1088604156.27771.9.camel@vijay>
In-Reply-To: <20040630132829.9B5144C0DC@spy10.spymac.net>

I have just grepped for icmp in /proc/net/ip_conntrack while pinging the
same box from two systems

icmp 1 29 src=192.168.1.80 dst=172.16.0.102 type=8 code=0 id=62829
src=172.16.0.102 dst=172.16.0.100 type=0 code=0 id=62829 use=1
icmp 1 29 src=192.168.1.180 dst=172.16.0.102 type=8 code=0 id=38527
src=172.16.0.102 dst=172.16.0.100 type=0 code=0 id=38527 use=1

The 'identifier' of the ICMP msg seems to be the key that is being used
for guessing the actual source while handling the response.

No idea as to what would happen if both the systems decide to use the
same identifier though.

The ICMP RFC says

    The identifier and sequence number may be used by the echo sender
    to aid in matching the replies with the echo requests. For
    example, the identifier might be used like a port in TCP or UDP to
    identify a session, and the sequence number might be incremented
    on each echo request sent. The echoer returns these same values
    in the echo reply.

I guess conntrack would change the id just like it does with the tcp/udp
ports in case of a clash to identify the correct destination while
handling the response.

Regards,
Vijay.

On Wed, 2004-06-30 at 18:58, Kiran Kumar Immidi wrote:
>
> Regards,
> Kiran Kumar Immidi
>
> On Wed, 30 Jun 2004 17:56 , Vijaya Chandra Vupputuri
> <vijay@tachyontech.net> sent:
>
> >If A and B send packets to a server, say google.com:80 using the local
> >port 10000, when the pkts get SNATed on C, the source ports would be
> >different from 10000 (21000 and 32000 for example) and when google.com
> >sends back the packets to those new port numbers, conntrack would change
> >the dst-port numbers to 10000 along with the dst-ip address.
>
> Oh yes, this answers my question. But how about ICMP which does not
> have a concept of port?
> I have asked this in another mail.
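
Added example, not part of the original message and not netfilter code: a Python sketch that parses the two ip_conntrack ICMP entries quoted above, indexes them by the expected reply tuple (including the echo identifier), and shows the clash the message asks about. The function names are hypothetical, and the CLASH sample is constructed by reusing one identifier for both hosts.

```python
import re

# Entries from the message above, rejoined to one line per connection.
SAMPLE = """\
icmp 1 29 src=192.168.1.80 dst=172.16.0.102 type=8 code=0 id=62829 src=172.16.0.102 dst=172.16.0.100 type=0 code=0 id=62829 use=1
icmp 1 29 src=192.168.1.180 dst=172.16.0.102 type=8 code=0 id=38527 src=172.16.0.102 dst=172.16.0.100 type=0 code=0 id=38527 use=1
"""

# Constructed: both inside hosts pick id=62829 and the identifier is left untouched.
CLASH = SAMPLE.replace("38527", "62829")

TUPLE = re.compile(r"src=(\S+) dst=(\S+) type=(\d+) code=(\d+) id=(\d+)")


def parse_icmp_entries(text):
    """Return [(original_tuple, reply_tuple)] for every ICMP conntrack line."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("icmp "):
            continue
        tuples = [(s, d, int(t), int(c), int(i))
                  for s, d, t, c, i in TUPLE.findall(line)]
        if len(tuples) == 2:  # original direction, then expected reply
            entries.append((tuples[0], tuples[1]))
    return entries


def build_reply_table(entries):
    """Index entries by reply tuple; a duplicate key is an identifier clash."""
    table, clashes = {}, []
    for original, reply in entries:
        if reply in table:
            clashes.append((table[reply], original))
        else:
            table[reply] = original
    return table, clashes


def inside_host_for_reply(table, src, dst, icmp_id):
    """Inside host that an echo reply (type 0, code 0) maps back to, or None."""
    original = table.get((src, dst, 0, 0, icmp_id))
    return original[0] if original else None


if __name__ == "__main__":
    table, clashes = build_reply_table(parse_icmp_entries(SAMPLE))
    print(inside_host_for_reply(table, "172.16.0.102", "172.16.0.100", 62829))
    print(build_reply_table(parse_icmp_entries(CLASH))[1])
```

With the clashing input the two reply tuples are identical, so the table alone cannot tell which inside host a reply belongs to unless one identifier is rewritten.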