- 论坛徽章:
- 0
|
本帖最后由 nu_teller 于 2011-09-18 22:52 编辑
实例:
tftp client -> tftp server:
ORIGINAL 192.168.1.1:1106 -> 192.168.1.2:69
REPLY 192.168.1.2:69 -> 192.168.1.1:1106
tftp server -> tftp client:
ORIGINAL 192.168.1.2:69 -> 192.168.1.1:1106
[fly]REPLY 192.168.1.1:1106 -> 192.168.1.2:69[/fly]
在conntrack条目中只有一条记录
疑问在于:
最主要的是为什么tftp server的回应报文能够在nf_conntrack_hash[hash]表表中查到?
当tftp server回应的tuple的流程如下,
conntrack_in->resolve_normal_ct->nf_conntrack_find_get->__nf_conntrack_find
在nf_conntrack_hash[hash]表中查找是否存在对应的tuple,
不明白的地方是nf_conntrack_hash表有没有ORIGINAL和REPLY的分类,
nf_confirm中的查找orignal和reply tuple中的方法不同的原因?
__nf_conntrack_confirm(struct sk_buff **pskb)
{
unsigned int hash, repl_hash;
...
hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
...
/* See if there's one in the list already, including reverse:
NAT could have grabbed it without realizing, since we're
not in the hash. If there is, we lost race. */
list_for_each_entry(h, &nf_conntrack_hash[hash], list)
if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
&h->tuple))
goto out;
list_for_each_entry(h, &nf_conntrack_hash[repl_hash], list)
if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_REPLY].tuple,
&h->tuple))
goto out;
...
} |
|