From: Mojtaba <mespio@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Issue related to conntrack while insert new rule with conntrack command in linux
Date: Sun, 28 Apr 2019 12:32:37 +0430
Message-ID: <CABVi_EwkvJtbDq17zJeCVR2cEKVtLuQm5Ltnr35mUSZR56Psgw@mail.gmail.com>
In-Reply-To: <CABVi_EyY+6igxjkryojqKLiTeM=XEAAYg3G0B0+25HePkBRu2A@mail.gmail.com>

I found some great related info in
https://www.netfilter.org/projects/libnetfilter_queue/index.html
Thanks again

On Sun, Apr 28, 2019 at 10:59 AM Mojtaba <mespio@gmail.com> wrote:
>
> Hello Pablo,
> Would you please let me know how to make my own libnetfilter_queue
> application? I need a reference to read more about it and start
> working on it.
> With best regards. Mojtaba
>
> On Sat, Apr 27, 2019 at 4:00 PM Mojtaba <mespio@gmail.com> wrote:
> >
> > Thanks Pablo,
> > Actually I need this feature to redirect RTP-media packets between
> > two services. I want to optimize resource consumption by using this
> > feature.
> > Everything works right, but I should find the right place to insert
> > this rule in my code. Otherwise, if the service gets the first packet
> > from the end-point while I haven't inserted the rule yet, I will face a
> > problem, because the rule was inserted before.
> > Thanks with regards. Mojtaba
> >
> > On Sat, Apr 27, 2019 at 2:13 PM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > >
> > > On Sat, Apr 27, 2019 at 01:31:40PM +0430, Mojtaba wrote:
> > > > Hello Pablo,
> > > > Just for better understanding, if I want to update using the -U option, how
> > > > can I do that?
> > > > Suppose there is this rule in conntrack row:
> > > > udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070
> > > > dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242
> > > > sport=5005 dport=5070 mark=0 use=1
> > > >
> > > > and I want to update it with this command:
> > > > conntrack -U -p udp -s 192.168.122.242 -d 192.168.122.103 --sport 5070
> > > > --dport 5005 --dst-nat 192.168.122.1:1111 --src-nat
> > > > 192.168.122.103:2222 --timeout 30
> > > > Actually it was not updated and this issue was raised:
> > > > conntrack v1.4.2 (conntrack-tools): 0 flow entries have been updated.
> > >
> > > You cannot update an existing entry with NATs.
> > >
> > > You can probably make your own libnetfilter_queue application that
> > > allows you to create conntrack entries from packets. If you want to do
> > > custom NAT handling for some certain traffic, you will only need to pass
> > > the first packet of the flow to userspace to set up the NAT mangling
> > > you need.
> > >
> > > I would need to learn more on your use case for this.
> >
> >
> >
> > --
> > --Mojtaba Esfandiari.S
>
>
>
> --
> --Mojtaba Esfandiari.S



-- 
--Mojtaba Esfandiari.S
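
Added example, not part of the thread: a parser for the conntrack entry quoted in the message above. It shows that the entry's reply tuple is the plain mirror of the original (no NAT yet) and what reply tuple the requested `--dst-nat`/`--src-nat` targets would imply. Function names are hypothetical, and it assumes only that netfilter records NAT as a changed reply tuple.

```python
# Added example: TCP/UDP `conntrack -L` lines only (ICMP tuples use type/code/id).
# SAMPLE is the entry quoted in the thread with the mail line-wrapping undone.
SAMPLE = ("udp      17 29 src=192.168.122.242 dst=192.168.122.103 sport=5070 "
          "dport=5005 [UNREPLIED] src=192.168.122.103 dst=192.168.122.242 "
          "sport=5005 dport=5070 mark=0 use=1")

TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_entry(line):
    """Split one entry into protocol, flags, original tuple and reply tuple."""
    fields = line.split()
    entry = {"proto": fields[0], "flags": [], "original": {}, "reply": {}, "meta": {}}
    for tok in fields[1:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])
        elif "=" in tok:
            key, val = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # First occurrence belongs to the original direction, second to reply.
                side = "original" if key not in entry["original"] else "reply"
                entry[side][key] = val
            else:
                entry["meta"][key] = val
    return entry

def mirror(t):
    """Reply tuple of a flow that has no NAT: the original tuple reversed."""
    return {"src": t["dst"], "dst": t["src"], "sport": t["dport"], "dport": t["sport"]}

def nat_kinds(entry):
    """Infer NAT from how the reply tuple departs from the mirrored original."""
    want, got = mirror(entry["original"]), entry["reply"]
    kinds = set()
    if (got["src"], got["sport"]) != (want["src"], want["sport"]):
        kinds.add("DNAT")   # replies come from the translated destination
    if (got["dst"], got["dport"]) != (want["dst"], want["dport"]):
        kinds.add("SNAT")   # replies go to the translated source
    return kinds

def reply_with_nat(original, dst_nat=None, src_nat=None):
    """Reply tuple an entry would carry for the given 'ip:port' NAT targets."""
    reply = mirror(original)
    if dst_nat:
        reply["src"], reply["sport"] = dst_nat.rsplit(":", 1)
    if src_nat:
        reply["dst"], reply["dport"] = src_nat.rsplit(":", 1)
    return reply

if __name__ == "__main__":
    e = parse_entry(SAMPLE)
    print(e["flags"], nat_kinds(e))
```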
