Re: QUES : connection tracking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To, Netfilter Giants and Professionals,

I am a netfilter newbie, trying to analyse the system architecturally.

Sorry for answering the questions myself, Let me know if I am wrong !!!!!

QUES:  What code is present architecturally in net/ipv4/netfilter
           directory and what code is present architecturally in net/netfilter
           directory ?
           Kernel 2.6.34 --> ubuntu Linux 10.04
           net/ipv4/netfilter --> This code contains connection
trackers, NAT helpers and
                                        kernel part for rule targets.
           net/netfilter --> This code contains conntrack helpers and
main conntrack system and
                                  conntrack subsystem.

QUES: Why do we use terms layer 5 connection trackers and layer 3
           connection trackers whereas connection is maintained only
           at layer 4 ?

           Finally after studying the code I got what I wanted.

           Layer 3 connection trackers are just for ipaddress tuple
entries and are practically
           useless if there is no layer 4 connection tracker with it.
           i.e we can say layer3 conection trackers are entry point
into the conntrack system as
           they are not dependent on incoming and outgoing interfaces.

           Layer 5 connection trackers are nothing but merely helpers
like FTP data port
           connection and which tells whether a particular connection
is related to the
           main connection or not.

           Layer 4 connection trackers functioning shows us the actual
entries in the conntrack
           table/tuple doubly linked list or in proc/net/nf_conntrack entries.

           Finally the connection is registered at the exit from POST
ROUTING HOOK.


Thanks,
A newbie into the world of firewall security mechanism.


On Mon, Jun 21, 2010 at 1:13 PM, Ninad Adi <adi.ninad@xxxxxxxxx> wrote:
> QUES:  What code is present architecturally in net/ipv4/netfilter
>            directory and what code is present architecturally in net/netfilter
>            directory ?
>
> QUES: Why do we use terms layer 5 connection trackers and layer 3
>           connection trackers whereas connection is maintained only
> at layer 4 ?
>
>
>
> Ninad.
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux