From: "Nikolai Dahlem" <listuser@epygi.de>
To: <netfilter-devel@lists.netfilter.org>
Subject: RE: can't change expectation: change_expect returns -1 (resend packet)
Date: Thu, 20 Nov 2003 14:03:26 +0100
Message-ID: <DAELKAPIKOFAFFKELNHOMEALCAAA.listuser@epygi.de>
In-Reply-To: <DAELKAPIKOFAFFKELNHOIEALCAAA.listuser@epygi.de>

> People can help you better if you post your code, otherwise it's just
> guessing around.

Sorry about that, here is the associated code:

conntrack:
exp->tuple = ((struct ip_conntrack_tuple)
		{ { 0, { 0 } },
		  { ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip,
		    { .udp = { htons(info->src_sdp_port) } },
		    IPPROTO_UDP }});
exp->mask = ((struct ip_conntrack_tuple)
		{ { 0xFFFFFFFF, { .udp = { 0xFFFF } } },
		{ 0xFFFFFFFF, { .udp = { 0xFFFF } }, 0xFFFF }});
exp->expectfn = NULL;
DEBUGP("expect_related %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
			NIPQUAD(exp->tuple.dst.ip),
			ntohs(exp->tuple.dst.u.tcp.port),
			NIPQUAD(exp->tuple.src.ip),
			ntohs(exp->tuple.src.u.tcp.port));
ip_conntrack_expect_related(ct, &expect);

nat:
newtuple = exp->tuple;
newtuple.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
DEBUGP("starting with port: %i\n",ct_sip_info->src_sdp_port);
for (port = ct_sip_info->src_sdp_port; port != 0; port++) {
	newtuple.dst.u.udp.port = htons(port);
	if (ip_conntrack_change_expect(exp, &newtuple)) break;
}
if (port == 0) DEBUGP("no free port found!\n");



> I'm raising an expectation in conntrack and I'm trying to change it in
> nat to the IP of the firewall + getting a free port, but in (almost)
> all cases change_expect returns -1 (resend packet without the same
> port). The odd thing is, in some cases it works ...
> I suppose I'm basically doing something plain wrong/stupid, because it
> shouldn't be treated as a resend packet.
> I attached some snippets from my syslog, how the expectation is raised
> in conntrack, and how I try to change it in nat.
>
> conntrack:
> ip_conntrack_sip.c:help:expect_related 172.30.8.100:5022-0.0.0.0:0
> ip_conntrack_expect_related c280d4a0
> tuple: tuple c01fdc00: 17 0.0.0.0:0x0000 0000 -> 172.30.8.100:0xc03fd840
> mask:  tuple c01fdc20: 65535 255.255.255.255:0xffff0000 ->
> 255.255.255.255:0x00000000
> new expectation c2b8f370 of conntrack c280d4a0
> nat:
> starting with port: 5022
>
> change_expect:
> exp tuple: tuple c2b8f3c8: 17 0.0.0.0:0x00000000 ->
> 172.30.8.100:0xc03fd840
> exp mask:  tuple c2b8f3e8: 65535 255.255.255.255:0xffff0000 ->
> 255.255.255.255:0x00000000
> newtuple:  tuple c01fdb58: 17 0.0.0.0:0x00000000 ->
> 10.20.10.213:0xc03fd840
> change expect: resent packet
> ....
> <happens for all port>
> ....
> no free port found
>
> Can anybody please shed some light on this?


regards

Nikolai Dahlem

Thread overview: 3+ messages
     [not found] <DAELKAPIKOFAFFKELNHOIEALCAAA.listuser@epygi.de>
2003-11-20 13:03 ` Nikolai Dahlem [this message]
2003-11-20 11:11 can't change expectation: change_expect returns -1 (resend packet) Nikolai Dahlem
2003-11-20 11:56 ` Patrick McHardy
