Re: conntrack performance/DoS formula

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Henrik Nordstrom <hno@marasystems.com>
To: don-nf@isis.cs3-inc.com (Don Cohen), Patrick Schaaf <bof@bof.de>
Cc: netfilter-devel@lists.samba.org
Subject: Re: conntrack performance/DoS formula
Date: Mon, 1 Jul 2002 10:07:25 +0200	[thread overview]
Message-ID: <200207011007.25108.hno@marasystems.com> (raw)
In-Reply-To: <15647.24217.324807.354846@isis.cs3-inc.com>

Don Cohen wrote:

> On a related subject, I'm worried that UNREPLIED might not mean
> what I think it does.  Your data contains things like:
>  tcp 6 387070 ESTABLISHED src=9.163.211.64 dst=165.130.71.38 sport=3228
>  dport=1301 [UNREPLIED] src=165.130.71.38 dst=9.163.211.64 sport=1301
>  dport=3228 use=1
> How can one half of the connection be established while the other half
> is unreplied?

The ESTABLISHED indicates the TCP state, UNREPLIED indicates the conntrack 
state. This is a TCP session that has only seen ACK in one direction, no 
packets in the other.

Almost related note: The connection is not ASSURED.

Regards
Henrik

next prev parent reply	other threads:[~2002-07-01  8:07 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-06-27 20:46 conntrack performance/DoS formula Don Cohen
2002-06-28  6:23 ` Patrick Schaaf
2002-06-28 17:53   ` Don Cohen
2002-06-28 18:36     ` Patrick Schaaf
2002-06-28 19:03       ` Don Cohen
2002-06-28 19:35         ` Patrick Schaaf
2002-06-28 19:39           ` Patrick Schaaf
2002-06-28 21:10           ` Don Cohen
2002-06-28 21:28             ` Patrick Schaaf
2002-06-28 21:49               ` Don Cohen
2002-06-28 22:30               ` Don Cohen
2002-06-29  9:03                 ` Patrick Schaaf
2002-06-29 16:48                   ` Don Cohen
2002-06-29 17:22                     ` Patrick Schaaf
2002-07-05 13:47                       ` Harald Welte
2002-06-29 17:33                     ` Patrick Schaaf
2002-06-29  9:29                 ` Patrick Schaaf
2002-06-29 12:07                 ` Patrick Schaaf
2002-06-29 12:34                   ` Patrick Schaaf
2002-06-30  8:31                     ` Patrick Schaaf
2002-06-30 19:40                       ` Don Cohen
2002-07-01  8:07                         ` Henrik Nordstrom [this message]
2002-07-01 17:49                           ` Don Cohen
2002-07-02  7:58                             ` Henrik Nordstrom
     [not found]                           ` <15652.38084.704660.234319@isis.cs3-inc.com>
2002-07-04 21:53                             ` Henrik Nordstrom
2002-07-05  7:08                               ` Don Cohen
2002-07-05 11:41                                 ` Henrik Nordstrom
2002-07-06  2:49                                   ` Don Cohen
2002-07-02 14:55                         ` Harald Welte
2002-07-02 14:40         ` Harald Welte
2002-07-02 16:32           ` Patrick Schaaf
2002-07-02 16:35             ` Patrick Schaaf
2002-07-02 16:53               ` Henrik Nordstrom
2002-07-02 17:48               ` Don Cohen
2002-07-02 18:31                 ` Patrick Schaaf
2002-07-02 21:52                   ` cttest-0.1 Patrick Schaaf
2002-07-03  4:15                     ` cttest-0.1 Joakim Axelsson
2002-07-05 15:37                       ` cttest-0.1 Martin Josefsson
2002-07-05 16:10                       ` cttest-0.1 Joakim Axelsson
2002-07-05 16:54                         ` cttest-0.1 Patrick Schaaf
2002-07-05 16:53                           ` cttest-0.1 Joakim Axelsson
2002-07-06  6:10                             ` cttest-0.1 Andrew Smith
2002-07-06  7:12                               ` cttest-0.1 Patrick Schaaf
2002-07-06 15:23                                 ` cttest-0.1 Patrick Schaaf
2002-07-06 21:14                                   ` cttest-0.1 Joakim Axelsson
2002-07-06 22:41                                     ` cttest-0.1 Joakim Axelsson
2002-07-06 23:16                                       ` cttest-0.1 Joakim Axelsson
2002-07-07  2:30                                         ` cttest-0.1 Svenning Sorensen
2002-07-07  4:23                                           ` cttest-0.1 Joakim Axelsson
2002-07-07  5:46                                             ` cttest-0.1 Joakim Axelsson
2002-07-07 11:00                                               ` cttest-0.1 Henrik Nordstrom
2002-07-06 22:54                                     ` cttest-0.1 Joakim Axelsson
2002-07-02 14:38 ` conntrack performance/DoS formula Harald Welte
     [not found] <20020701121404.B78724512@lists.samba.org>
2002-07-01 21:30 ` Don Cohen
2002-07-02  6:05   ` Patrick Schaaf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200207011007.25108.hno@marasystems.com \
    --to=hno@marasystems.com \
    --cc=bof@bof.de \
    --cc=don-nf@isis.cs3-inc.com \
    --cc=netfilter-devel@lists.samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.