On Tue, 2 Jan 2018 21:56:07 +0000 André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx> wrote:

> As far as I can tell, ESTABLISHED is only for session-based protocols like TCP.
> You will not see that for UDP or ICMP, as far as CONNTRACK is concerned.

With netfilter, there are five connection states: NEW, RELATED, ESTABLISHED, INVALID and RAW.

- A NEW packet is the first packet of a new peer-to-peer communication connection (a conn), be it TCP, SCTP, UDP, GRE, or any other protocol.
- A RELATED packet is the first packet of a new conn that netfilter has determined is related to an existing conn (the data conn of an FTP conn, for example).
- When two-way communication is established with a reply packet, the conn's state changes to ESTABLISHED.
- INVALID packets are those that netfilter has received but has no idea what to do with; they are packets that can only belong to an ESTABLISHED conn, but it can find no such conn in its database.
- I think RAW packets are those that netfilter has been told not to process, but I'm not sure of this, as I've never had reason to use RAW packets.

In netfilter, 'connection' is not related to connection-oriented protocols. It has to do with the relationship--the logical connection--between two endpoints on a LAN or on some internetwork of them. It is much like two people talking on a walkie-talkie, two people exchanging TXT MSGs, or two people talking on a phone that has a circuit-switched connection set up between them.
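The state machine described in the reply, as an added toy model that is not part of the original post and not netfilter's own code: a direction-independent conn table that labels packets NEW, ESTABLISHED, RELATED or INVALID, run over constructed sample traffic (a UDP DNS exchange, an ICMP error quoting that exchange, and a stray TCP ACK) to show ESTABLISHED applying to a connectionless protocol. The `Packet` class, the hypothetical `inner` field for ICMP errors and the `demo()` driver are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

NEW, ESTABLISHED, RELATED, INVALID = "NEW", "ESTABLISHED", "RELATED", "INVALID"

@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    sport: int                    # for ICMP echo: the echo id, in both fields
    dst: str
    dport: int
    flags: str = ""               # TCP flags, e.g. "S" for SYN, "A" for ACK
    inner: Optional[tuple] = None # hypothetical: 5-tuple quoted by an ICMP error

def conn_key(proto, src, sport, dst, dport):
    # Direction-independent key so original and reply map to one conn.
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

class Conntrack:
    def __init__(self):
        self.table = {}  # conn_key -> {"orig": (src, sport), "replied": bool}

    def classify(self, p: Packet) -> str:
        if p.proto == "icmp" and p.inner is not None:
            # An ICMP error quoting a tracked packet is RELATED to that conn.
            return RELATED if conn_key(*p.inner) in self.table else INVALID
        key = conn_key(p.proto, p.src, p.sport, p.dst, p.dport)
        entry = self.table.get(key)
        if entry is None:
            if p.proto == "tcp" and p.flags != "S":
                return INVALID  # mid-stream TCP segment with no conn to belong to
            self.table[key] = {"orig": (p.src, p.sport), "replied": False}
            return NEW
        if (p.src, p.sport) != entry["orig"]:
            entry["replied"] = True  # first packet seen in the reply direction
        return ESTABLISHED if entry["replied"] else NEW

def demo():
    # Constructed sample traffic; addresses and ports are made up for the example.
    ct = Conntrack()
    packets = [
        Packet("udp", "10.0.0.5", 40000, "10.0.0.53", 53),           # NEW
        Packet("udp", "10.0.0.53", 53, "10.0.0.5", 40000),           # ESTABLISHED
        Packet("udp", "10.0.0.5", 40000, "10.0.0.53", 53),           # ESTABLISHED
        Packet("icmp", "10.0.0.53", 0, "10.0.0.5", 0,
               inner=("udp", "10.0.0.5", 40000, "10.0.0.53", 53)),   # RELATED
        Packet("tcp", "10.0.0.9", 5555, "10.0.0.5", 22, flags="A"),  # INVALID
    ]
    return [ct.classify(p) for p in packets]
```

A second query in the original direction stays NEW until a reply has been seen, which is why `demo()` only reports ESTABLISHED for the third packet after the DNS response.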