From: "Neal P. Murphy" <neal.p.murphy@alum.wpi.edu>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: conntrack and ICMP echo replies not showing as ESTABLISHED
Date: Tue, 2 Jan 2018 18:36:45 -0500
Message-ID: <20180102183645.77a59ecc@playground>
In-Reply-To: <28c711a6f49a42059d3cf6b47b486f8d@CCDEX023.corp.corpcommon.com>
On Tue, 2 Jan 2018 21:56:07 +0000
André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@evry.com> wrote:
> As far as I can tell - ESTABLISHED - is only for session based protocols like TCP.
> You will not see that for UDP or ICMP, as far as CONNTRACK is concerned.
With netfilter, there are five connection states: NEW, RELATED, ESTABLISHED, INVALID and RAW.

- A NEW packet is the first packet of a new peer-to-peer communication connection
  (a conn), be it TCP, SCTP, UDP, GRE, or any other protocol.
- A RELATED packet is the first packet of a new conn that netfilter determined is
  related to an existing conn (the data conn of an FTP conn, for example).
- When two-way communication is established with a reply packet, the conn's state
  changes to ESTABLISHED.
- INVALID packets are those that netfilter has received but has no idea what to do
  with them; they are packets that can only belong to an ESTABLISHED conn but it can
  find no such conn in its database.
- I think RAW packets are those that netfilter has been told not to process; but I'm
  not sure of this as I've never had reason to use RAW packets.

In netfilter, 'connection' is not related to connection-oriented protocols. It has to do with the relationship--the logical connection--between two endpoints on a LAN or on some internetwork of them. It is much like two people talking on a walkie-talkie, two people exchanging TXT MSGs, or two people talking on a phone that has a circuit-switched connection set up between them.
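
Added example, not part of the original message and not netfilter code: a simplified Python model of the NEW / ESTABLISHED / INVALID logic described above, applied to ICMP echo and UDP, neither of which is connection-oriented. The `Packet` fields, the `ToyConntrack` class and the sample addresses are constructed for illustration; RELATED, RAW and timeouts are not modelled.

```python
from collections import namedtuple

# Constructed packet model. For ICMP echo, sport and dport both carry the echo id.
# reply_only marks packet types that can only answer an earlier packet
# (an ICMP echo reply, for example).
Packet = namedtuple("Packet", "proto src sport dst dport reply_only")


class ToyConntrack:
    """Toy tracker: one table entry per conn, keyed by its original direction."""

    def __init__(self):
        self.conns = {}  # original-direction tuple -> True once a reply was seen

    def classify(self, p):
        orig = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply in self.conns:
            # Packet travels in the reply direction of a known conn:
            # two-way communication exists, so the conn becomes ESTABLISHED.
            self.conns[reply] = True
            return "ESTABLISHED"
        if orig in self.conns:
            # Further packet in the original direction; state depends on
            # whether a reply has been seen yet.
            return "ESTABLISHED" if self.conns[orig] else "NEW"
        if p.reply_only:
            # Can only belong to an existing conn, but none is in the table.
            return "INVALID"
        self.conns[orig] = False
        return "NEW"


def run_sample():
    """Classify a constructed packet sequence (documentation address ranges)."""
    ct = ToyConntrack()
    echo_req = Packet("icmp", "192.0.2.10", 4242, "198.51.100.5", 4242, False)
    pkts = [
        echo_req,                                                        # first echo request
        Packet("icmp", "198.51.100.5", 4242, "192.0.2.10", 4242, True),  # its echo reply
        echo_req,                                                        # second echo request
        Packet("icmp", "203.0.113.9", 7, "192.0.2.10", 7, True),         # unsolicited echo reply
        Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53, False),  # UDP query
        Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, False),  # UDP answer
    ]
    return [ct.classify(p) for p in pkts]


if __name__ == "__main__":
    print(run_sample())
```
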