05-20-2014, 05:49 AM   #1
Allen Liu
LQ Newbie
Registered: May 2014
Location: Taiwan
Distribution: Ubuntu
Posts: 1

ftp alg expect function

Hi all,

I have questions about the ftp alg expect function nf_nat_follow_master in Linux kernel 2.6.35.12.

If the ftp alg is used, then in function init_conntrack, nf_nat_follow_master would be triggered. My question is about the code logic in that function.

I assume the network topology is like A ---- R ---- B.

A is on R's LAN side; B is on R's WAN side, and R does NAT so A has a private IP.
The ftp server is B.
The ftp client is A.

When the data connection from B to R enters R's conntrack system, the new conntrack would have ORIGINAL tuple B->R and REPLY tuple R->B, but this is not the right tuple yet, so in the expect function (nf_nat_follow_master) it tries to alter the conntrack. The resulting conntrack should be ORIGINAL B->R and REPLY A->B after nf_nat_follow_master is executed.

The following is the code of nf_nat_follow_master:

void nf_nat_follow_master(struct nf_conn *ct,
                          struct nf_conntrack_expect *exp)
{
        struct nf_nat_range range;

        /* This must be a fresh one. */
        BUG_ON(ct->status & IPS_NAT_DONE_MASK);

        /* Change src to where master sends to */
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);

        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
}

In the function, I am not sure why SNAT should be performed. Although SNAT is done, it does not change the resulting conntrack.

I've thought of another case for why SNAT is there: when the ftp server is on the LAN side and the ftp client is on the WAN side, and there is a port forwarding rule on R that helps to connect to the ftp server on the LAN side. In that case, SNAT is performed and changes the conntrack, and DNAT is performed but does not change the conntrack.

I am not certain of my assumption. If you have any idea, please share with me. Thanks.

Allen
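The tuple bookkeeping behind both cases, as an added example that is not part of the original post and is not kernel code: a small Python model of a conntrack entry's ORIGINAL and REPLY tuples, of what nf_nat_setup_info() does to them (the ORIGINAL tuple is the packet as it arrived, so NAT only ever rewrites the REPLY tuple), and of the posted nf_nat_follow_master() logic. The addresses, ports and the two scenario functions are constructed for illustration. The convention that the FTP NAT helper stores the expectation with exp->dir set to the direction opposite to the PORT command and saved_proto set to the port carried in that command follows the 2.6.x nf_nat_ftp helper and is taken as an assumption here.

```python
"""Constructed model of nf_nat_follow_master() tuple handling (not kernel code).

Keeps only the bookkeeping needed to see which of the two manipulations is a
no-op in each FTP/NAT topology.  Addresses are made-up documentation ranges.
"""
from dataclasses import dataclass

ORIGINAL, REPLY = 0, 1                  # IP_CT_DIR_ORIGINAL / IP_CT_DIR_REPLY
MANIP_SRC, MANIP_DST = "SNAT", "DNAT"   # IP_NAT_MANIP_SRC / IP_NAT_MANIP_DST


@dataclass(frozen=True)
class Tuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def invert(self):
        return Tuple(self.dst_ip, self.dst_port, self.src_ip, self.src_port)

    def __str__(self):
        return f"{self.src_ip}:{self.src_port} -> {self.dst_ip}:{self.dst_port}"


class Conntrack:
    """tuplehash[ORIGINAL] is the packet as it arrived; tuplehash[REPLY] is the
    inverse of the connection *after* NAT, so NAT only ever edits REPLY."""

    def __init__(self, original, master=None):
        self.tuplehash = [original, original.invert()]
        self.master = master

    def setup_info(self, manip, ip, port=None):
        # Model of nf_nat_setup_info(): take the current post-NAT view of the
        # connection, rewrite one side of it, store its inverse as REPLY.
        cur = self.tuplehash[REPLY].invert()
        if manip == MANIP_SRC:
            new = Tuple(ip, cur.src_port if port is None else port,
                        cur.dst_ip, cur.dst_port)
        else:
            new = Tuple(cur.src_ip, cur.src_port,
                        ip, cur.dst_port if port is None else port)
        self.tuplehash[REPLY] = new.invert()


@dataclass
class Expect:
    saved_proto: int   # port from the PORT command (exp->saved_proto.tcp.port)
    dir: int           # direction the expected packet travels, relative to master


def follow_master(ct, exp):
    """Mirror of the posted function: both manipulations are always applied;
    whether each changes anything depends on which side the control
    connection was NATed on.  Returns (snat_changed, dnat_changed)."""
    m = ct.master.tuplehash[1 - exp.dir]            # tuplehash[!exp->dir]
    before = ct.tuplehash[REPLY]
    ct.setup_info(MANIP_SRC, m.dst_ip)              # src -> where master sends to
    snat_changed = ct.tuplehash[REPLY] != before
    before = ct.tuplehash[REPLY]
    ct.setup_info(MANIP_DST, m.src_ip, exp.saved_proto)  # dst -> master's source
    dnat_changed = ct.tuplehash[REPLY] != before
    return snat_changed, dnat_changed


R_WAN = "203.0.113.1"   # router's public address (constructed)


def client_behind_nat():
    """Poster's topology: client A on the LAN, server B on the WAN, masquerade."""
    A, B = "10.0.0.2", "198.51.100.5"
    master = Conntrack(Tuple(A, 40000, B, 21))
    master.setup_info(MANIP_SRC, R_WAN)             # REPLY becomes B:21 -> R:40000
    # A sent PORT for A:40001; the ALG rewrote it to R_WAN:40001 and expects
    # B:20 -> R_WAN:40001 in the direction opposite to the command (REPLY).
    exp = Expect(saved_proto=40001, dir=REPLY)
    data = Conntrack(Tuple(B, 20, R_WAN, 40001), master=master)
    changed = follow_master(data, exp)
    return str(data.tuplehash[ORIGINAL]), str(data.tuplehash[REPLY]), changed


def port_forwarded_server():
    """Second case: server S on the LAN, client C on the WAN, DNAT rule for :21."""
    S, C = "10.0.0.3", "198.51.100.9"
    master = Conntrack(Tuple(C, 50000, R_WAN, 21))
    master.setup_info(MANIP_DST, S)                 # REPLY becomes S:21 -> C:50000
    exp = Expect(saved_proto=50001, dir=REPLY)      # C sent PORT for C:50001
    data = Conntrack(Tuple(S, 20, C, 50001), master=master)
    changed = follow_master(data, exp)
    return str(data.tuplehash[ORIGINAL]), str(data.tuplehash[REPLY]), changed


if __name__ == "__main__":
    for name, fn in (("client behind NAT", client_behind_nat),
                     ("port-forwarded server", port_forwarded_server)):
        orig, reply, (snat, dnat) = fn()
        print(f"{name}: ORIGINAL {orig} | REPLY {reply} | "
              f"SNAT changed={snat} DNAT changed={dnat}")
```

Each scenario returns the data connection's final ORIGINAL and REPLY tuples plus a (snat_changed, dnat_changed) pair. In the first topology the SNAT step maps the source to B, which it already is, and only the DNAT step turns REPLY into A:40001 -> B:20; in the port-forwarded topology it is the DNAT step that is the no-op, and the SNAT step is what makes the reply go back to the router's public address. The same expectfn serves both because the expectation records the master's tuples rather than which side was NATed.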