ratheesh k wrote:
>> On Mon, Mar 22, 2010 at 10:42 PM, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
>> If a crafted packet matches all the characteristics of the conntrack
>> entry for that connection (including reply source port 80, TCP sequence
>> number), then it will be considered belonging to the reply direction of
>> that connection and the NAT will process it accordingly.
>
> I thought only a tuple of IP and port is kept for connection
> tracking (not TCP sequence).

Window and sequence number tracking has been included in TCP connection tracking since kernel 2.6.9, making out-of-window segments INVALID.
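
Added example, not part of the original thread and not kernel code: a simplified Python model of the window check described above, showing that a packet with the correct reply tuple is still classified INVALID when its sequence or acknowledgement number falls outside the tracked window. The class, function and field names and all addresses and numbers are constructed for illustration; the model checks three bounds only and ignores window scaling, SACK and the TCP state machine.

```python
# Simplified model of a TCP window check on a tracked connection.
# Illustration only: not kernel code; all names and values are constructed.
from dataclasses import dataclass

MOD = 1 << 32

def before(a, b):
    """a precedes b in 32-bit sequence space (wraparound-safe)."""
    return ((a - b) % MOD) >= (1 << 31)

def after(a, b):
    return before(b, a)

@dataclass
class Direction:
    td_end: int     # highest seq + len sent by this side so far
    td_maxend: int  # highest seq the peer will accept (its ack + window)
    td_maxwin: int  # largest window this side has advertised

@dataclass
class Entry:
    reply_tuple: tuple  # (src_ip, src_port, dst_ip, dst_port) of replies
    original: Direction
    reply: Direction

def classify_reply(entry, pkt_tuple, seq, length, ack):
    """Classify a packet that claims to be in the reply direction."""
    if pkt_tuple != entry.reply_tuple:
        return "NO_MATCH"            # not this connection at all
    sender, receiver = entry.reply, entry.original
    end = (seq + length) % MOD
    lower = (sender.td_end - receiver.td_maxwin) % MOD
    in_window = (not after(seq, sender.td_maxend)      # data not past the window
                 and not before(end, lower)            # data not hopelessly stale
                 and not after(ack, receiver.td_end))  # no ack of unsent data
    return "IN_WINDOW" if in_window else "INVALID"

# Constructed sample: client 192.0.2.10:40000 talking to server 198.51.100.5:80.
REPLY = ("198.51.100.5", 80, "192.0.2.10", 40000)
ENTRY = Entry(REPLY,
              original=Direction(td_end=1000, td_maxend=66535, td_maxwin=65535),
              reply=Direction(td_end=5000, td_maxend=70535, td_maxwin=65535))

if __name__ == "__main__":
    print(classify_reply(ENTRY, REPLY, 5000, 1460, 1000))      # genuine reply
    print(classify_reply(ENTRY, REPLY, 1_005_000, 100, 1000))  # right tuple, wrong seq
```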