On Thursday 21 December 2006 09:37, Grant Taylor wrote:
> I have read the article. I suspect that my uncertainty has to do
> with lack of how the SPI portion of the code works. I am not
> qualified to read the source code to make an informed opinion. I was
> (mis)believing that the SPI was very simple in the fact that it would
> classify any returning traffic coming back from a host as related.
> Now, I'm getting the impression that this is not the case and that
> only specific packets are considered related.
>
> Can / will someone that is more versed in programming / reading
> source code please give me a brief overview of how the kernel decides
> what is and is not related.
That is not me, but I have in the past had the same question answered
on the netfilter list. The protocol-specific helper drivers such as
ip_conntrack_$PROTOCOL are the ones that defined state "RELATED". If
you're not using a "helped" protocol, you will have no RELATED packets.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
|