help understanding netfilter comment

Post by Giacom » Tue, 13 Sep 2005 20:45:56

Good morning, I did not understand what problems are concerned with

"The checked segment is in window, but our windows are *not*
equivalent with the ones of the sender/receiver"

I have a problem programming a NAT module for the Linux kernel and I would like to understand the problem pointed out in this comment to see if it could be the cause of

When translating addresses and ports, is it necessary to deal with windows or other parameters such as seq/ack numbers? (I don't touch the payload, just IPs and ports.)

Thanks in advance, Giacomo.

The comment is extracted from ip_conntrack_proto_tcp.c

 * The TCP state transition table needs a few words...
 * We are the man in the middle. All the packets go through us
 * but might get lost in transit to the destination.
 * It is assumed that the destinations can't receive segments
 * we haven't seen.
 * The checked segment is in window, but our windows are *not*
 * equivalent with the ones of the sender/receiver. We always
 * try to guess the state of the current sender.
 * The meaning of the states are:
 * NONE: initial state
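
An added illustration (not part of the original post and not kernel code) of the situation the quoted comment describes: a segment passes the middlebox and is then lost, so the middlebox's record of the sender no longer matches the receiver's real window. The struct, function names, bounds and numbers are constructed and simplified for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe "a is before b" for 32-bit TCP sequence numbers. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Hypothetical middlebox view of one sender; not the kernel's struct. */
struct mb_view {
    uint32_t end;     /* highest seq+len seen passing through from the sender */
    uint32_t maxend;  /* highest seq the peer permitted so far (ack + window) */
    uint32_t maxwin;  /* largest window the peer has advertised */
};

/* Endpoint truth: data must overlap [rcv_nxt, rcv_nxt + wnd). */
static int receiver_accepts(uint32_t rcv_nxt, uint32_t wnd, uint32_t seq, uint32_t len)
{
    return seq_before(seq, rcv_nxt + wnd) && seq_before(rcv_nxt, seq + len);
}

/* Naive middlebox: assumes everything it forwarded was also received. */
static int strict_accepts(const struct mb_view *v, uint32_t seq) { return seq == v->end; }

/* Tolerant middlebox: seq must not exceed what the peer permitted, and the
 * segment must not end more than one maximum window behind what was seen. */
static int tolerant_accepts(const struct mb_view *v, uint32_t seq, uint32_t len)
{
    return !seq_before(v->maxend, seq) &&
           !seq_before(seq + len, v->end - v->maxwin);
}

/* Constructed scenario: bytes 1000..1499 pass the middlebox and are then lost.
 * Returns who accepts the retransmission as a bitmask:
 * bit0 = receiver, bit1 = strict middlebox, bit2 = tolerant middlebox. */
static int retransmit_after_loss(void)
{
    struct mb_view v = { .end = 1000, .maxend = 1000 + 4096, .maxwin = 4096 };
    uint32_t rcv_nxt = 1000, wnd = 4096;  /* receiver never got the data */
    v.end = 1000 + 500;                   /* but the middlebox saw it go by */
    return receiver_accepts(rcv_nxt, wnd, 1000, 500)
         | (strict_accepts(&v, 1000) << 1)
         | (tolerant_accepts(&v, 1000, 500) << 2);
}

int main(void)
{
    printf("acceptance mask: %d\n", retransmit_after_loss());
    return 0;
}
```

The receiver and the tolerant check both accept the retransmission, while a middlebox that treats its own view as the receiver's would drop a valid segment.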

