From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Nikolai Dahlem"
Subject: can't change expectation: change_expect returns -1 (resend packet)
Date: Thu, 20 Nov 2003 12:11:44 +0100
Sender: netfilter-devel-admin@lists.netfilter.org
Errors-To: netfilter-devel-admin@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Hi,

I'm raising an expectation in conntrack and I'm trying to change it in nat to the IP of the firewall + getting a free port, but in (almost) all cases change_expect returns -1 (resend packet without the same port). The odd thing is, in some cases it works ...

I suppose I'm basically doing something plain wrong/stupid, because it shouldn't be treated as a resend packet.

I attached some snippets from my syslog, how the expectation is raised in conntrack, and how I try to change it in nat.

conntrack:
ip_conntrack_sip.c:help:expect_related 172.30.8.100:5022-0.0.0.0:0
ip_conntrack_expect_related c280d4a0
tuple: tuple c01fdc00: 17 0.0.0.0:0x0000 0000 -> 172.30.8.100:0xc03fd840
mask: tuple c01fdc20: 65535 255.255.255.255:0xffff0000 -> 255.255.255.255:0x00000000
new expectation c2b8f370 of conntrack c280d4a0

nat:
starting with port: 5022

change_expect:
exp tuple: tuple c2b8f3c8: 17 0.0.0.0:0x00000000 -> 172.30.8.100:0xc03fd840
exp mask: tuple c2b8f3e8: 65535 255.255.255.255:0xffff0000 -> 255.255.255.255:0x00000000
newtuple: tuple c01fdb58: 17 0.0.0.0:0x00000000 -> 10.20.10.213:0xc03fd840
change expect: resent packet
....
<happens for all ports>
....
no free port found

Can anybody please shed some light on this?

regards

Nikolai Dahlem