Thanks for the reply. Ok, I can see how I can generate some IDs, but I first want to make sure I have all of the information I need.

When I run conntrack, I only see one protocol number. I think it is a layer4 protocol (tcp vs udp). If I'm not seeing an l3proto in my output, why might that be?

udp 17 12 src=10.10.201.2 dst=204.174.64.1 sport=54475 dport=53 src=204.174.64.1 dst=209.53.156.2 sport=53 dport=54475 use=1 mark=0
tcp 6 420332 ESTABLISHED src=10.10.100.3 dst=10.10.1.22 sport=1356 dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356 [ASSURED] use=1 mark=0

On Wednesday 08 November 2006 11:29, Pablo Neira Ayuso wrote:
> Alan Ezust wrote:
> > We need to be able to determine when we get an UPDATE or a DISCONNECT,
> > which connections they correspond to. I assumed that was the purpose of
> > the CT id.
>
> The purpose was to uniquely identify a connection but we currently
> assume that the tuple {src, portsrc, dst, portdst, l3protonum, protonum}
> is enough.
>
> > Why are you removing it?
>
> http://lists.netfilter.org/pipermail/netfilter-devel/2005-June/019923.html

--
Alan Ezust www.presinet.com
Presinet, inc alan.ezust@xxxxxxxxxxxx
Victoria, BC, Canada
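Added example, not part of the original message and not code from the netfilter project: one way to turn the conntrack lines quoted above into the identifying tuple {src, portsrc, dst, portdst, l3protonum, protonum}, so that a later event line can be matched to a tracked connection. Assumptions: l3protonum is derived from the address family of src because the quoted output prints no layer 3 field, and the event line with its "[DESTROY]" prefix is constructed for illustration.

```python
import ipaddress
import re
import socket
from typing import NamedTuple

class ConnKey(NamedTuple):
    l3protonum: int   # derived here from the address family (assumption)
    protonum: int     # the number printed after the protocol name
    src: str
    sport: int
    dst: str
    dport: int

PROTO = re.compile(r"\b([a-z]+)\s+(\d+)\b")
FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def conn_key(line: str) -> ConnKey:
    """Build the identifying tuple from the original-direction fields."""
    proto = PROTO.search(line)
    if proto is None:
        raise ValueError("no protocol name/number found")
    orig = {}
    for name, value in FIELD.findall(line):
        if name in orig:          # a repeated field starts the reply tuple
            break
        orig[name] = value
    if set(orig) != {"src", "dst", "sport", "dport"}:
        raise ValueError("incomplete original-direction tuple")
    version = ipaddress.ip_address(orig["src"]).version
    family = socket.AF_INET if version == 4 else socket.AF_INET6
    return ConnKey(int(family), int(proto.group(2)), orig["src"],
                   int(orig["sport"]), orig["dst"], int(orig["dport"]))

# The two entries quoted in the message above.
SNAPSHOT = [
    "udp 17 12 src=10.10.201.2 dst=204.174.64.1 sport=54475 dport=53 src=204.174.64.1 dst=209.53.156.2 sport=53 dport=54475 use=1 mark=0",
    "tcp 6 420332 ESTABLISHED src=10.10.100.3 dst=10.10.1.22 sport=1356 dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356 [ASSURED] use=1 mark=0",
]
# Constructed event line; the "[DESTROY]" prefix is an assumed format.
EVENT = "[DESTROY] tcp 6 src=10.10.100.3 dst=10.10.1.22 sport=1356 dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356"

def match_event(snapshot, event_line):
    """Return the snapshot entry that the event line refers to, or None."""
    table = {conn_key(entry): entry for entry in snapshot}
    return table.get(conn_key(event_line))

if __name__ == "__main__":
    print(match_event(SNAPSHOT, EVENT))
```

The key is taken from the first (original-direction) tuple only; in the udp entry the reply tuple's dst differs from the original src, so keying on the reply fields would give a different identifier for the same connection.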