Thermalcircle

climbing the thermals

blog:linux:connection_tracking_2_core_implementation

Differences

This shows you the differences between two versions of the page.

blog:linux:connection_tracking_2_core_implementation [2021-08-07] – added references section Andrej Stender
blog:linux:connection_tracking_2_core_implementation [2022-08-07] (current) – activated TOC Andrej Stender
Line 1: Line 1:
-{{tag>linux netfilter conntrack nftables iptables}}+{{tag>linux kernel netfilter conntrack nftables iptables}}
 ====== Connection tracking (conntrack) - Part 2: Core Implementation ====== ====== Connection tracking (conntrack) - Part 2: Core Implementation ======
 ~~META: ~~META:
 date created = 2021-04-11  date created = 2021-04-11 
 ~~ ~~
- 
-~~NOTOC~~ 
- 
  
 With this article series I like to take a closer look at the connection tracking subsystem of the Linux kernel, which provides the basis for features like stateful packet filtering and NAT. With this article series I like to take a closer look at the connection tracking subsystem of the Linux kernel, which provides the basis for features like stateful packet filtering and NAT.
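Review bot: the revision summary "activated TOC" covers only the removal of ~~NOTOC~~ in this hunk; the `kernel` tag added to the {{tag>...}} line is not mentioned, and neither are the Part 3 link or the wording fix made later in the same revision. Either extend the summary or put the tag and content changes in their own revision so the page history stays searchable.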
Line 18: Line 15:
   * [[connection_tracking_1_modules_and_hooks|Connection tracking (conntrack) - Part 1: Modules and Hooks]]   * [[connection_tracking_1_modules_and_hooks|Connection tracking (conntrack) - Part 1: Modules and Hooks]]
   * [[connection_tracking_2_core_implementation|Connection tracking (conntrack) - Part 2: Core Implementation]]   * [[connection_tracking_2_core_implementation|Connection tracking (conntrack) - Part 2: Core Implementation]]
-  * Connection tracking (conntrack) - Part 3: Connection States and Examples (coming soon)+  * [[connection_tracking_3_state_and_examples|Connection tracking (conntrack) - Part 3: State and Examples]]
  
 ===== The ct table ===== ===== The ct table =====
Line 238: Line 235:
 is required for "unconfirmed" connections, because creation of those is triggered is required for "unconfirmed" connections, because creation of those is triggered
 by a network packet and they either become "confirmed" while that same packet is by a network packet and they either become "confirmed" while that same packet is
-still traversing the kernel network stack or they die together that same packet+still traversing the kernel network stack or they die together with that same packet
 when it is being dropped.)). This means, usually each further network packet when it is being dropped.)). This means, usually each further network packet
 traversing the main ct hook functions which is identified to belong to a tracked traversing the main ct hook functions which is identified to belong to a tracked
Line 347: Line 344:
  
 ===== Continue with next article ===== ===== Continue with next article =====
-A third article is currently in the works. I'll place a link here once its finished. +[[connection_tracking_3_state_and_examples|Connection tracking (conntrack) - Part 3: State and Examples]]
-In that article, I plan to take a look at the set of states a tracked connection lives through during its life cycle and in which way Nftables rules make use of that. I'll further present practical examples which show the life cycle and state changes of tracked connections of common protocols like ICMP, TCP and UDP. +
  
  
-//published 2021-04-11//, //last modified 2021-08-07//+//published 2021-04-11//, //last modified 2022-08-07//
  
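Review bot: the "Continue with next article" section is reduced to a bare link, so a reader no longer learns what Part 3 covers before following it. Consider keeping one sentence from the removed paragraph next to the link, for example that Part 3 looks at the states a tracked connection lives through during its life cycle and shows examples for ICMP, TCP and UDP. The link label matches the one added to the series list earlier in this revision, which keeps the two references consistent.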
blog/linux/connection_tracking_2_core_implementation.1628344948.txt.gz · Last modified: 2021-08-07 by Andrej Stender