* request and reply/respon packets
@ 2004-03-03 0:35 bino-psn
2004-03-03 1:02 ` Antony Stone
2004-03-03 11:14 ` Alexis
0 siblings, 2 replies; 5+ messages in thread
From: bino-psn @ 2004-03-03 0:35 UTC (permalink / raw
To: netfilter
Dear All.
Is there any way to know whter a packet is a "request" or "reply/respon"
packets ?
I want to make a different rule between those two, and the packet is
"coming" via the same interface and from the same network.
Sincerely
-bino-
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: request and reply/respon packets
2004-03-03 0:35 request and reply/respon packets bino-psn
@ 2004-03-03 1:02 ` Antony Stone
2004-03-03 1:04 ` bino-psn
2004-03-03 11:14 ` Alexis
1 sibling, 1 reply; 5+ messages in thread
From: Antony Stone @ 2004-03-03 1:02 UTC (permalink / raw
To: netfilter
On Wednesday 03 March 2004 12:35 am, bino-psn wrote:
> Dear All.
> Is there any way to know whter a packet is a "request" or "reply/respon"
> packets ?
I'm not sure if I understand you correctly, but let me make a few definitions
of my own, and see if they match yours...
"Requests" come from a client to a server. "Responses" and the reply from
the server to the client.
Requests start with a SYN packet (I'm assuming we're talking about TCP
connections here?), and responses start with a SYN/ACK packet. Thereafter,
all packets have ACK set.
So, you can detect the first packet of a request from the fact that SYN (only)
is set, and you can detect the first packet of a response from that fact that
SYN and ACK are set.
Does that help answer your question?
Antony.
--
Perfection in design is achieved not when there is nothing left to add, but
rather when there is nothing left to take away.
- Antoine de Saint-Exupery
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: request and reply/respon packets
2004-03-03 1:02 ` Antony Stone
@ 2004-03-03 1:04 ` bino-psn
2004-03-03 8:05 ` Cedric Blancher
0 siblings, 1 reply; 5+ messages in thread
From: bino-psn @ 2004-03-03 1:04 UTC (permalink / raw
To: netfilter
Hi Antony,
I think you made a better description .. thx..
And .. How to implement it in side the rule ?
well ... How to let's say MARK any http-ACK coming via an interface ?
Sincerely
-bino-
----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, March 03, 2004 8:02 AM
Subject: Re: request and reply/respon packets
> On Wednesday 03 March 2004 12:35 am, bino-psn wrote:
>
> > Dear All.
> > Is there any way to know whter a packet is a "request" or "reply/respon"
> > packets ?
>
> I'm not sure if I understand you correctly, but let me make a few
definitions
> of my own, and see if they match yours...
>
> "Requests" come from a client to a server. "Responses" and the reply
from
> the server to the client.
>
> Requests start with a SYN packet (I'm assuming we're talking about TCP
> connections here?), and responses start with a SYN/ACK packet.
Thereafter,
> all packets have ACK set.
>
> So, you can detect the first packet of a request from the fact that SYN
(only)
> is set, and you can detect the first packet of a response from that fact
that
> SYN and ACK are set.
>
> Does that help answer your question?
>
> Antony.
>
> --
> Perfection in design is achieved not when there is nothing left to add,
but
> rather when there is nothing left to take away.
>
> - Antoine de Saint-Exupery
>
> Please reply to the
list;
> please don't CC
me.
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: request and reply/respon packets
2004-03-03 1:04 ` bino-psn
@ 2004-03-03 8:05 ` Cedric Blancher
0 siblings, 0 replies; 5+ messages in thread
From: Cedric Blancher @ 2004-03-03 8:05 UTC (permalink / raw
To: bino-psn; +Cc: netfilter
Le mer 03/03/2004 à 02:04, bino-psn a écrit :
> I think you made a better description .. thx..
> And .. How to implement it in side the rule ?
> well ... How to let's say MARK any http-ACK coming via an interface ?
You can also use conntrack engine.
First packet of the connection has NEW state, others have ESTABLISHED
one.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: request and reply/respon packets
2004-03-03 0:35 request and reply/respon packets bino-psn
2004-03-03 1:02 ` Antony Stone
@ 2004-03-03 11:14 ` Alexis
1 sibling, 0 replies; 5+ messages in thread
From: Alexis @ 2004-03-03 11:14 UTC (permalink / raw
To: netfilter
conntrack could help you in this issue.
----- Original Message -----
From: "bino-psn" <bino@indoakses-online.com>
To: <netfilter@lists.netfilter.org>
Sent: Tuesday, March 02, 2004 9:35 PM
Subject: request and reply/respon packets
> Dear All.
> Is there any way to know whter a packet is a "request" or "reply/respon"
> packets ?
>
> I want to make a different rule between those two, and the packet is
> "coming" via the same interface and from the same network.
>
> Sincerely
> -bino-
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-03-03 11:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-03-03 0:35 request and reply/respon packets bino-psn
2004-03-03 1:02 ` Antony Stone
2004-03-03 1:04 ` bino-psn
2004-03-03 8:05 ` Cedric Blancher
2004-03-03 11:14 ` Alexis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.