Thermalcircle

climbing the thermals

blog:linux:connection_tracking_3_state_and_examples

Differences

This shows you the differences between two versions of the page.

blog:linux:connection_tracking_3_state_and_examples [2022-08-07] – activated TOC Andrej Stender
blog:linux:connection_tracking_3_state_and_examples [2023-09-04] (current) – fix typo "UPD" -> "UDP" Andrej Stender
Line 142: Line 142:
 ^ bit 14: ''IPS_OFFLOAD'' ^ ^ bit 14: ''IPS_OFFLOAD'' ^
 | <WRAP> | <WRAP>
-This tracked connection has been offloaded to flow table.+This tracked connection has been offloaded to a [[flowtables_1_a_netfilter_nftables_fastpath|flowtable]].
  
 ^ bit shown by conntrack command or proc file like this ^^ ^ bit shown by conntrack command or proc file like this ^^
Line 149: Line 149:
 ^ bit 15: ''IPS_HW_OFFLOAD'' ^ ^ bit 15: ''IPS_HW_OFFLOAD'' ^
 | <WRAP> | <WRAP>
-This tracked connection has been offloaded to hardware.+This tracked connection has been offloaded to hardware by a [[flowtables_1_a_netfilter_nftables_fastpath|flowtable]].
  
 ^ bit shown by conntrack command or proc file like this ^^ ^ bit shown by conntrack command or proc file like this ^^
Line 335: Line 335:
 ICMP //echo-request// and //echo-reply// traversing ct hook functions, ICMP //echo-request// and //echo-reply// traversing ct hook functions,
 causing tracked connection to be created and later deleted, causing tracked connection to be created and later deleted,
-showing state and timeout changes as those occur.+showing state and timeout changes as those occur (click to enlarge).
 </caption> </caption>
 </figure> </figure>
Line 347: Line 347:
 in its //tuples// to do that; see function ''[[https://elixir.bootlin.com/linux/v5.10.19/source/net/netfilter/nf_conntrack_proto_icmp.c#L27|icmp_pkt_to_tuple()]]''. in its //tuples// to do that; see function ''[[https://elixir.bootlin.com/linux/v5.10.19/source/net/netfilter/nf_conntrack_proto_icmp.c#L27|icmp_pkt_to_tuple()]]''.
  
-===== UPD Example =====+===== UDP Example =====
 This example demonstrates state changes of a tracked connection in case of a [[wp>Domain_Name_System|DNS]] //query// + //response//, as shown in Figure This example demonstrates state changes of a tracked connection in case of a [[wp>Domain_Name_System|DNS]] //query// + //response//, as shown in Figure
 {{ref>ctudpexmsgs}}. The client host sends a DNS //query// message to {{ref>ctudpexmsgs}}. The client host sends a DNS //query// message to
Line 386: Line 386:
 {{ :linux:nf-ct-udp-ex.png?direct&700 |}} {{ :linux:nf-ct-udp-ex.png?direct&700 |}}
 <caption> <caption>
-DNS //query// and //response// via UDP packets, traversing ct hook functions, causing tracked connection to be created and later deleted, showing state and timeout changes as those occur.+DNS //query// and //response// via UDP packets, traversing ct hook functions, causing tracked connection to be created and later deleted, showing state and timeout changes as those occur (click to enlarge).
 </caption> </caption>
 </figure> </figure>
Line 501: Line 501:
 {{ :linux:nf-ct-tcp-ex-hs.png?direct&700 |}} {{ :linux:nf-ct-tcp-ex-hs.png?direct&700 |}}
 <caption> <caption>
-TCP 3-way handshake: packets traversing ct hook functions, causing tracked connection to be created, confirmed, established and assured.+TCP 3-way handshake: packets traversing ct hook functions, causing tracked connection to be created, confirmed, established and assured (click to enlarge).
 </caption> </caption>
 </figure> </figure>
Line 508: Line 508:
 {{ :linux:nf-ct-tcp-ex-psh.png?direct&700 |}} {{ :linux:nf-ct-tcp-ex-psh.png?direct&700 |}}
 <caption> <caption>
-TCP payload data transfer: packets traversing ct hook functions, adjusting timeout depending on outstanding TCP ACK from peer.+TCP payload data transfer: packets traversing ct hook functions, adjusting timeout depending on outstanding TCP ACK from peer (click to enlarge).
 </caption> </caption>
 </figure> </figure>
Line 515: Line 515:
 {{ :linux:nf-ct-tcp-ex-fin.png?direct&700 |}} {{ :linux:nf-ct-tcp-ex-fin.png?direct&700 |}}
 <caption> <caption>
-TCP connection termination((TCP connection termination consists of two independent 2-way handshakes, which can result in 4 packets being exchanged. However, if both sides like to terminate simultaneously, then this can also result in just 3 packets, as shown here. I chose that shorter variant in this example, to prevent this figure from getting too big. ;-) )): packets traversing ct hook functions, causing timeout to be adjusted, after final timeout expiration, tracked connection is deleted. +TCP connection termination((TCP connection termination consists of two independent 2-way handshakes, which can result in 4 packets being exchanged. However, if both sides like to terminate simultaneously, then this can also result in just 3 packets, as shown here. I chose that shorter variant in this example, to prevent this figure from getting too big. ;-) )): packets traversing ct hook functions, causing timeout to be adjusted, after final timeout expiration, tracked connection is deleted (click to enlarge)
 </caption> </caption>
 </figure> </figure>
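Review bot: the new caption text in this hunk ends with "(click to enlarge)" but drops the closing period, while the other captions updated in this revision (UDP example, TCP handshake, TCP payload transfer) keep theirs; add the period so the four figure captions read consistently.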
Line 537: Line 537:
   * [[https://conntrack-tools.netfilter.org/manual.html|The conntrack-tools user manual (Pablo Neira Ayuso, 2012)]]   * [[https://conntrack-tools.netfilter.org/manual.html|The conntrack-tools user manual (Pablo Neira Ayuso, 2012)]]
  
-//published 2021-08-07//, //last modified 2022-08-07//+//published 2021-08-07//, //last modified 2023-09-04//
  
blog/linux/connection_tracking_3_state_and_examples.1659878141.txt.gz · Last modified: 2022-08-07 by Andrej Stender