Connection tracking and invalid tcp headers
ganhawk at gmail.com
Wed Oct 26 21:07:41 CEST 2005
I would appreciate any responses to this question.

I have a situation where the ack packet in the tcp handshake will
have the wrong seq number. A netfilter module rewrites the right sequence
number for the packet. Hence this has to be before connection
tracking. Is there any way to detect what connection this packet will
belong to before the connection tracking module, using some of the data
structures maintained by connection tracking?

(If there is no way, I guess I need to maintain a list of packets
for which syn/ack was sent and detect the acks back, as only the
handshake ack will have the wrong seq number.)

If the packet with the wrong seq num is passed through any firewall
that forwards it, will it be dropped?

Also, the first syn packet will not have the ack_seq = 0. But I
assume that will not affect the connection tracking in any way. Is
that true?
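
The fallback described in the parenthetical above (remember each SYN/ACK sent, then recognise the handshake ACK when it comes back), as an added example that is not part of the original post. It is a user-space sketch rather than netfilter code; the names `pending_add` and `pending_match_ack` are hypothetical, and it assumes the ACK's `ack_seq` field is intact and only its `seq` is wrong.

```c
#include <stddef.h>
#include <stdint.h>

#define PENDING_MAX 64

/* One half-open handshake, keyed as the returning ACK carries it.
 * Host byte order; entries never expire in this sketch. */
struct pending {
    uint32_t caddr, saddr;  /* client / server address */
    uint16_t cport, sport;  /* client / server port */
    uint32_t synack_seq;    /* seq of the SYN/ACK that was sent */
    int used;
};
static struct pending table[PENDING_MAX];

static struct pending *find(uint32_t ca, uint16_t cp, uint32_t sa, uint16_t sp)
{
    for (int i = 0; i < PENDING_MAX; i++)
        if (table[i].used && table[i].caddr == ca && table[i].cport == cp &&
            table[i].saddr == sa && table[i].sport == sp)
            return &table[i];
    return NULL;
}

/* Record a SYN/ACK sent server -> client. Returns 0, or -1 if the table is full. */
int pending_add(uint32_t sa, uint16_t sp, uint32_t ca, uint16_t cp, uint32_t seq)
{
    struct pending *p = find(ca, cp, sa, sp);   /* retransmit reuses its slot */
    for (int i = 0; !p && i < PENDING_MAX; i++)
        if (!table[i].used)
            p = &table[i];
    if (!p)
        return -1;
    *p = (struct pending){ ca, sa, cp, sp, seq, 1 };
    return 0;
}

/* Returns 1 (and forgets the entry) if an ACK client -> server completes a
 * pending handshake. The ACK's own seq is not examined: it is the field
 * assumed to be wrong. */
int pending_match_ack(uint32_t ca, uint16_t cp, uint32_t sa, uint16_t sp,
                      uint32_t ack_seq)
{
    struct pending *p = find(ca, cp, sa, sp);
    if (!p || ack_seq != (uint32_t)(p->synack_seq + 1))  /* wraps mod 2^32 */
        return 0;
    p->used = 0;
    return 1;
}
```

Because the entry is removed on the first match, only the handshake ACK is flagged for rewriting; later ACKs on the same 4-tuple fall through untouched.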