* conntrack output - question
@ 2012-08-07 5:38 Gomathivinayagam Muthuvinayagam
2012-08-07 9:47 ` Eric Leblond
2012-08-08 14:12 ` Pablo Neira Ayuso
0 siblings, 2 replies; 3+ messages in thread
From: Gomathivinayagam Muthuvinayagam @ 2012-08-07 5:38 UTC
To: netfilter
Conntrack classifies a packet to a flow based on protocol no, srcip,
destip, srcport, and destport.
A sample output is shown below,
[NEW] udp 17 30 src=192.168.2.100 dst=192.168.2.1 sport=57767
dport=53 [UNREPLIED] src=192.168.2.1 dst=192.168.2.100 sport=53
dport=57767
Here, what's the need of reply srcip, reply destip, reply srcport,
reply destport? (Since we can imply this information from original
srcip, original destip, original srcport, original destport)
Is it just for avoiding confusion, or any other reasons behind this?
Thanks & Regards,
* Re: conntrack output - question
From: Eric Leblond @ 2012-08-07 9:47 UTC
To: Gomathivinayagam Muthuvinayagam; +Cc: netfilter
Hi,
On Monday, 06 August 2012 at 22:38 -0700, Gomathivinayagam Muthuvinayagam
wrote:
> Conntrack classifies a packet to a flow based on protocol no, srcip,
> destip, srcport, and destport.
>
> A sample output is shown below,
>
> [NEW] udp 17 30 src=192.168.2.100 dst=192.168.2.1 sport=57767
> dport=53 [UNREPLIED] src=192.168.2.1 dst=192.168.2.100 sport=53
> dport=57767
>
> Here, what's the need of reply srcip, reply destip, reply srcport,
> reply destport? (Since we can imply this information from original
> srcip, original destip, original srcport, original destport)
> Is it just for avoiding confusion, or any other reasons behind this?
Think about NAT.
BR,
--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
* Re: conntrack output - question
From: Pablo Neira Ayuso @ 2012-08-08 14:12 UTC
To: Gomathivinayagam Muthuvinayagam; +Cc: netfilter
On Mon, Aug 06, 2012 at 10:38:03PM -0700, Gomathivinayagam Muthuvinayagam wrote:
> Conntrack classifies a packet to a flow based on protocol no, srcip,
> destip, srcport, and destport.
>
> A sample output is shown below,
>
> [NEW] udp 17 30 src=192.168.2.100 dst=192.168.2.1 sport=57767
> dport=53 [UNREPLIED] src=192.168.2.1 dst=192.168.2.100 sport=53
> dport=57767
>
> Here, what's the need of reply srcip, reply destip, reply srcport,
> reply destport? (Since we can imply this information from original
> srcip, original destip, original srcport, original destport)
> Is it just for avoiding confusion, or any other reasons behind this?
We need the reply tuple for NAT scenarios. In those cases, the original
tuple does not match the reply tuple.
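Added example (not part of the original thread and not code from conntrack-tools): the NAT point made in the replies above, shown by parsing conntrack event lines and comparing the reply tuple with the mirrored original tuple. The first sample line is the one from the question; the two NAT lines, their addresses and the function names are constructed for illustration.

```python
import re

# Sample `conntrack -E` style lines. The first is the line from the question;
# the other two are constructed to show source and destination NAT.
SAMPLE_EVENTS = [
    "[NEW] udp 17 30 src=192.168.2.100 dst=192.168.2.1 sport=57767 dport=53 "
    "[UNREPLIED] src=192.168.2.1 dst=192.168.2.100 sport=53 dport=57767",
    # Constructed: LAN client masqueraded behind gateway address 203.0.113.7.
    "[NEW] udp 17 30 src=192.168.2.100 dst=198.51.100.53 sport=57767 dport=53 "
    "[UNREPLIED] src=198.51.100.53 dst=203.0.113.7 sport=53 dport=57767",
    # Constructed: port forward from 203.0.113.7:80 to 192.168.2.10:8080.
    "[NEW] tcp 6 120 SYN_SENT src=198.51.100.20 dst=203.0.113.7 sport=40000 "
    "dport=80 [UNREPLIED] src=192.168.2.10 dst=198.51.100.20 sport=8080 "
    "dport=40000",
]

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_tuples(line):
    """Return (original, reply) tuples as dicts; each 'src=' starts a tuple."""
    tuples = []
    for key, value in FIELD.findall(line):
        if key == "src" or not tuples:
            tuples.append({})
        tuples[-1][key] = value
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple: %r" % line)
    return tuples[0], tuples[1]


def classify(line):
    """List which side of the flow was translated, judged from the tuples.

    Without NAT the reply tuple is the original with src/dst and sport/dport
    swapped. Entries without ports (e.g. ICMP) are compared on addresses only.
    """
    orig, reply = parse_tuples(line)
    nat = []
    if (reply["dst"], reply.get("dport")) != (orig["src"], orig.get("sport")):
        nat.append("SNAT")  # replies go to a translated source
    if (reply["src"], reply.get("sport")) != (orig["dst"], orig.get("dport")):
        nat.append("DNAT")  # replies come from the translated destination
    return nat


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify(event) or ["no NAT"], parse_tuples(event))
```

Only the first line could have its reply tuple derived from the original; for the other two the kernel needs the stored reply tuple to match returning packets to the flow.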