From: Amin Azez <azez@ufomechanic.net>
Cc: netfilter-devel@lists.netfilter.org, Pablo Neira <pablo@eurodev.net>
Subject: IPCT_NEW comes from was Re: extending conntrack event data
Date: Mon, 25 Apr 2005 17:35:53 +0100 [thread overview]
Message-ID: <426D1C69.2060107@ufomechanic.net> (raw)
In-Reply-To: <426CF5FC.6090409@ufomechanic.net>
Looking at some of my skb->nfcache debugging
(de8ce580 is the skb address)
during tcp_packet, I get calls to ip_conntrack_event_cache which changes
nfcache thus:
* event_cache on de8ce580 from 4000 to 4040
* event_cache on de8ce580 from 4040 to 4060
* {leave tcp_packet}
* event_cache on de8ce580 from 4060 to 4068
* event_cache on de8ce580 from 4068 to 4078
* deliver_cached_events c079 right now skb de8ce580
By the time ip_confirm is called some more stuff has happened to
nfcache, hence ip_confirm c079 de8ce580
Question is how did the nfcache get from 4078 to c079
It was c079 when ip_confirm was called
Whence the extra 8001 that has been combined? The 1 is IPCT_NEW, the
8000 is NFC_ALTERED
NFC_ALTERED is used in various places, the most like in
ip_ct_gather_frags but this hardly seems likely if src and dst machines
are on the same subnet?
I confirmed with logging that it isn't there so I will have to add debug
to all the other places to see which one is guilty.
Azez
next prev parent reply other threads:[~2005-04-25 16:35 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-19 13:37 nfnetlink/ctnetlink from pom-ng r3884 Wang Jian
2005-04-20 0:55 ` Pablo Neira
2005-04-21 8:21 ` Wang Jian
2005-04-21 11:05 ` Pablo Neira
2005-04-21 11:29 ` Wang Jian
2005-04-20 13:41 ` Amin Azez
2005-04-20 14:17 ` Samuel Liddicott
2005-04-20 22:44 ` Pablo Neira
2005-04-21 8:07 ` Amin Azez
2005-04-21 9:25 ` extending conntrack event data Amin Azez
2005-04-21 9:49 ` Amin Azez
2005-04-21 10:14 ` Wang Jian
2005-04-21 11:04 ` Pablo Neira
2005-04-25 13:51 ` Amin Azez
2005-04-25 16:35 ` Amin Azez [this message]
2005-04-25 16:43 ` IPCT_NEW comes from was " Amin Azez
2005-04-26 13:37 ` BUG/CONFLICT conntrack with preroute/postroute mangle table Samuel Liddicott
2005-04-26 13:38 ` Amin Azez
2005-05-05 11:08 ` Amin Azez
2005-05-05 13:36 ` RFC for fix? Was " Amin Azez
2005-05-05 16:05 ` Pablo Neira
2005-05-09 11:11 ` Amin Azez
2005-05-09 13:48 ` Amin Azez
2005-04-21 11:04 ` extending conntrack event data Amin Azez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=426D1C69.2060107@ufomechanic.net \
--to=azez@ufomechanic.net \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@eurodev.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.