From: Mojtaba <mespio@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Issue related to conntrack while insert new rule with conntrack command in linux
Date: Sat, 27 Apr 2019 16:00:08 +0430	[thread overview]
Message-ID: <CABVi_EwEc1x9dspiVHUKjoikvcCUTBMFbknFbR-yg+DaBcpAXw@mail.gmail.com> (raw)
In-Reply-To: <20190427094323.enhkqeoeow4jgmlk@salvia>

Thanks Pablo,
Actually I need this feature to redirect RTP-media packets between
two services. I want to optimize resource consumption by using this
feature.
All things work right, but I should find the right place to insert
this rule in my code. Otherwise, if the service gets the first packet
from the end-point while I haven't inserted the rule yet, I will face a
problem, because the rule was inserted before.
Thanks with regards. Mojtaba

On Sat, Apr 27, 2019 at 2:13 PM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> > Hello Pablo,
> > Just for better understanding, if I want to update using the -U option, how
> > can I do that?
> > Suppose there is this rule in conntrack row:
> > udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 sport=5005 dport=5070 mark=0 use=1
> >
> > and I want to update it with this command:
> > conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> > --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat
> > 192.168.122.103:2222 --timeout 30
> > Actually it was not updated and this issue was raised:
> > conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.
>
> You cannot update an existing entry with NATs.
>
> You can probably make your own libnetfilter_queue application that
> allows you to create conntrack entries from packets, if you want to do
> custom NAT handling for some certain traffic. You will only need to pass
> the first packet of the flow to userspace to set up the NAT mangling
> you need.
>
> I would need to learn more on your use case for this.



-- 
--Mojtaba Esfandiari.S
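The practical consequence of Pablo's answer is that a NAT mapping has to be present in the conntrack entry before the flow's first packet creates one, because an entry that already exists cannot be updated with NAT. The following Python script is an added example, not code from the thread or from conntrack-tools: it parses `conntrack -L` text lines in the layout of the entry quoted above (conntrack-tools 1.4.x output is assumed), tells whether an entry already carries a NAT mapping by comparing the reply tuple with the mirror of the original tuple, and reports whether a NAT-setting insert for a given flow is still possible. The table text and all addresses are constructed for the example.

```python
"""Added example: classify conntrack entries before attempting a NAT insert.

Assumes the text format of `conntrack -L` from conntrack-tools 1.4.x, e.g.
  udp 17 29 src=A dst=B sport=X dport=Y [UNREPLIED] src=B dst=A sport=Y dport=X mark=0 use=1
The first src/dst/sport/dport group is the original direction, the second
group is the reply direction; flags such as [UNREPLIED]/[ASSURED] and a tcp
state word may appear in between.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

TUPLE_KEYS = ("src", "dst", "sport", "dport")

# Constructed sample table: the entry quoted in the thread (no NAT), a flow
# whose reply tuple shows a DNAT to 192.168.122.1:1111, and an unrelated tcp flow.
SAMPLE_TABLE = """\
udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 sport=5005 dport=5070 mark=0 use=1
udp      17 25 src=192.168.122.242 dst=192.168.122.103 sport=5072 dport=5007 [UNREPLIED] src=192.168.122.1 dst=192.168.122.242 sport=1111 dport=5072 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40000 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=40000 [ASSURED] mark=0 use=1
"""


@dataclass
class ConntrackEntry:
    proto: str
    timeout: int
    state: Optional[str]     # tcp state word such as ESTABLISHED, None for udp
    orig: Dict[str, str]     # original-direction tuple
    reply: Dict[str, str]    # reply-direction tuple
    flags: List[str]         # e.g. ["UNREPLIED"] or ["ASSURED"]
    mark: int


def parse_entry(line: str) -> ConntrackEntry:
    """Parse one `conntrack -L` line into its two tuples, flags and mark."""
    tokens = line.split()
    proto, timeout = tokens[0], int(tokens[2])   # tokens[1] is the protocol number
    state: Optional[str] = None
    orig: Dict[str, str] = {}
    reply: Dict[str, str] = {}
    flags: List[str] = []
    mark = 0
    current = orig
    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            flags.append(tok.strip("[]"))
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # Seeing a tuple key a second time means we reached the reply direction.
                if current is orig and key in orig:
                    current = reply
                current[key] = value
            elif key == "mark":
                mark = int(value)
            # other keys (use=, type=, id=, ...) are ignored here
        else:
            state = tok
    return ConntrackEntry(proto, timeout, state, orig, reply, flags, mark)


def parse_table(text: str) -> List[ConntrackEntry]:
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def nat_applied(entry: ConntrackEntry) -> bool:
    """True when the reply tuple is not the plain mirror of the original tuple,
    i.e. a SNAT or DNAT mapping is recorded in the entry."""
    mirror = {"src": entry.orig.get("dst"), "dst": entry.orig.get("src"),
              "sport": entry.orig.get("dport"), "dport": entry.orig.get("sport")}
    return any(entry.reply.get(k) != mirror[k] for k in TUPLE_KEYS)


def find_flow(entries: List[ConntrackEntry], proto: str, src: str, dst: str,
              sport: int, dport: int) -> Optional[ConntrackEntry]:
    want = {"src": src, "dst": dst, "sport": str(sport), "dport": str(dport)}
    for entry in entries:
        if entry.proto == proto and all(entry.orig.get(k) == v for k, v in want.items()):
            return entry
    return None


def nat_setup_status(table_text: str, proto: str, src: str, dst: str,
                     sport: int, dport: int) -> str:
    """'free'   : no entry yet, a NAT-setting insert before the first packet can work
       'no-nat' : entry exists without NAT, and an existing entry cannot be updated with NAT
       'nat'    : entry already carries a NAT mapping"""
    entry = find_flow(parse_table(table_text), proto, src, dst, sport, dport)
    if entry is None:
        return "free"
    return "nat" if nat_applied(entry) else "no-nat"


if __name__ == "__main__":
    for e in parse_table(SAMPLE_TABLE):
        print(e.proto, e.orig, "NAT" if nat_applied(e) else "no NAT", e.flags)
    print(nat_setup_status(SAMPLE_TABLE, "udp", "192.168.122.242", "192.168.122.103", 5070, 5005))
```

In a real deployment the table text would come from `subprocess.run(["conntrack", "-L"], capture_output=True, text=True).stdout`, run with the privileges conntrack needs; a `no-nat` result for a media flow means the entry was created by traffic before the application inserted its mapping, which is exactly the ordering problem described in the reply above.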

Thread overview: 13+ messages
2019-04-25 14:59 Issue related to conntrack while insert new rule with conntrack command in linux Mojtaba
2019-04-25 15:08 ` Mojtaba
2019-04-25 22:45   ` Pablo Neira Ayuso
2019-04-26 10:22     ` Mojtaba
2019-04-26 19:23     ` Mojtaba
2019-04-26 19:37       ` Pablo Neira Ayuso
2019-04-26 19:50         ` Mojtaba
2019-04-27  9:01           ` Mojtaba
2019-04-27  9:43             ` Pablo Neira Ayuso
2019-04-27 11:30               ` Mojtaba [this message]
2019-04-28  6:29                 ` Mojtaba
2019-04-28  8:02                   ` Mojtaba