From: KOVACS Krisztian
Subject: Re: (no subject)
Date: Wed, 16 Feb 2005 12:26:33 +0100
Message-ID: <1108553193.3685.7.camel@nienna.balabit>
References: <20050215210947.32682.qmail@ad.mailbox.hu>
To: Jozsef Kadlecsik
Cc: netfilter-devel
List-Id: netfilter-devel.vger.kernel.org

Hi,

On Wed, 2005-02-16 at 09:14, Jozsef Kadlecsik wrote:
> > To be short, my problem is the following:
> > I must track outgoing SYN+ACK packets (confirmation of connection
> > request) and incoming ACK packets acknowledging the SYN+ACKs. With this,
> > the module would be able to calculate the ratio of half open
> > connections.
> > It is easy to track outgoing SYN+ACKs, but to decide if an incoming ACK
> > is a response to a former SYN+ACK I have to track the state of the TCP
> > connection. Of course I don't want to do this, because the TCP conntrack
> > module makes this - It would be a nonsense and a source of inconsistency
> > to track the state in both modules.
>
> You could rely on event notification from the nfnetlink-ctnetlink-0.13
> patch from patch-o-matic-ng. Unfortunately it seems to me
> nfnetlink-ctnetlink's a little bit out of sync compared to the recent
> kernel trees.

The event notification part of ctnetlink is available for 2.6 kernels as
well (from the netfilter-ha patchset, for example), thanks to Pablo
Neira's work.

-- 
KOVACS Krisztian
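Added example, not part of the original message and not netfilter or ctnetlink code: a sketch of the approach suggested in the thread, where a consumer of conntrack state-change events derives the half-open ratio without tracking TCP state itself. The `Event` record, the `conn` helper, the sample stream and the ratio's denominator are assumptions made for illustration; only the state names (`SYN_RECV`, `ESTABLISHED`) are conntrack's own.

```python
from collections import namedtuple

# Simplified event record: an assumption for illustration, not ctnetlink's
# message format. "state" is the conntrack TCP state carried by the event.
Event = namedtuple("Event", ["kind", "state", "conn"])

def half_open_ratio(events):
    """Return (half_open, established, ratio) after replaying the events.

    ratio = half_open / (half_open + established); this definition is an
    assumption, the thread does not define the denominator.
    """
    half_open, established = set(), set()
    for ev in events:
        # Forget the connection, then re-file it under its current state.
        half_open.discard(ev.conn)
        established.discard(ev.conn)
        if ev.kind == "DESTROY":
            continue                      # entry removed (timeout, RST, close)
        if ev.state == "SYN_RECV":        # SYN+ACK seen, final ACK not yet
            half_open.add(ev.conn)
        elif ev.state == "ESTABLISHED":   # handshake completed by the ACK
            established.add(ev.conn)
    total = len(half_open) + len(established)
    return len(half_open), len(established), (len(half_open) / total if total else 0.0)

def conn(client, sport):
    # Constructed flows to a server on 198.51.100.10:80 (documentation addresses).
    return (client, sport, "198.51.100.10", 80)

# Constructed event stream, labelled sample data.
SAMPLE_EVENTS = [
    Event("NEW", "SYN_SENT", conn("192.0.2.1", 40001)),
    Event("UPDATE", "SYN_RECV", conn("192.0.2.1", 40001)),
    Event("UPDATE", "ESTABLISHED", conn("192.0.2.1", 40001)),   # completed
    Event("NEW", "SYN_SENT", conn("192.0.2.2", 40002)),
    Event("UPDATE", "SYN_RECV", conn("192.0.2.2", 40002)),      # stays half-open
    Event("NEW", "SYN_SENT", conn("192.0.2.3", 40003)),
    Event("UPDATE", "SYN_RECV", conn("192.0.2.3", 40003)),
    Event("DESTROY", None, conn("192.0.2.3", 40003)),           # timed out
    Event("NEW", "SYN_SENT", conn("192.0.2.4", 40004)),
    Event("UPDATE", "SYN_RECV", conn("192.0.2.4", 40004)),      # stays half-open
]

if __name__ == "__main__":
    print(half_open_ratio(SAMPLE_EVENTS))
```

Because the state in each event comes from the TCP conntrack module, the consumer keeps only two sets of connection keys and cannot drift out of sync with conntrack's own view.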