From: Matthias Dettling <m-dettling@gmx.de>
To: netfilter-devel@lists.netfilter.org
Subject: where is the right entry point for matching a tracked related connection?
Date: Thu, 27 May 2004 01:47:32 +0200
Message-ID: <40B52C94.20008@gmx.de>

Hello developers,

I am searching for the right place in my Linux kernel source (v 2.4.26) for
extending the iptables command to match in a packet "RELATED" to a
specific connection, information that was tracked before.

In detail I want to use this for an FTP-connection.
My aim is to open an FTP control-connection on port 21 in passive mode.
In the so opened channel, the port for the real data transfer is 
negotiated. This negotiated connection is tracked by the 
ftp-helper-module and is allowed, because it corresponds to the related 
connection on port 21 (FW-Rule: "iptables -A INPUT -p tcp --sport 1024: 
--dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT").

But there is no possibility to test whether the related connection is
really on port 21.
So I want to modify the matching module "conntrack" (ipt_conntrack.c) 
written by Marc Boucher to do so.

The thing I should know for doing this is how I can get access to the
information of a tracked "RELATED" connection.
After reading the hacking-howto I thought that access is gained through
the pointer "nfct" of the "sk_buff" structure, but with this I can't
find anywhere port information of the originating packet (of the
related connection).
Can somebody help me?

best regards

M. Dettling
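
Added example, not part of the original message and not netfilter code: a userspace C model of the idea in the post, in which the expectation created from the passive-mode reply keeps a pointer to the control connection, so a match can test that a RELATED connection's master is on port 21. All struct and function names are hypothetical, the 227 reply lines used with it are constructed, and none of this is the kernel's conntrack API.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
/* Userspace model only: hypothetical structs, not the kernel's ip_conntrack. */
struct conn {
    uint16_t sport, dport;      /* original-direction ports */
    const struct conn *master;  /* control connection it was expected from, or NULL */
};
struct expect {
    uint16_t dport;             /* data port announced in the 227 reply */
    const struct conn *master;  /* connection the reply was seen on */
    int used;                   /* an expectation is consumed by one connection */
};

/* Parse "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; returns port or -1. */
int parse_pasv_port(const char *line)
{
    unsigned h1, h2, h3, h4, p1, p2;
    const char *p = strchr(line, '(');
    if (strncmp(line, "227 ", 4) != 0 || p == NULL ||
        sscanf(p, "(%u,%u,%u,%u,%u,%u)", &h1, &h2, &h3, &h4, &p1, &p2) != 6)
        return -1;
    if (h1 > 255 || h2 > 255 || h3 > 255 || h4 > 255 || p1 > 255 || p2 > 255)
        return -1;              /* malformed octet: create no expectation */
    return (int)(p1 * 256 + p2);
}

/* Helper step: tie the announced port to the control connection. */
int helper_see_reply(const struct conn *ctrl, const char *line, struct expect *e)
{
    int port = parse_pasv_port(line);
    if (port <= 0) return 0;
    e->dport = (uint16_t)port; e->master = ctrl; e->used = 0;
    return 1;
}

/* New connection: RELATED (returns 1) only if it consumes an unused expectation. */
int conn_new(struct conn *c, uint16_t sport, uint16_t dport, struct expect *e)
{
    c->sport = sport; c->dport = dport; c->master = NULL;
    if (e != NULL && !e->used && e->dport == dport) { c->master = e->master; e->used = 1; }
    return c->master != NULL;
}

/* The match asked for: RELATED, and the master connection is on master_dport. */
int match_related_to_port(const struct conn *c, uint16_t master_dport)
{
    return c->master != NULL && c->master->dport == master_dport;
}
```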
