The connection tracking table in iptables

A quick look at the connection tracking table, which is exposed in the file /proc/net/ip_conntrack. It lists all currently tracked connections. If the ip_conntrack module is loaded, the command cat /proc/net/ip_conntrack should display something like this:

tcp 6 117 SYN_SENT src=<source address> dst=<destination address> sport=32775 \
dport=22 [UNREPLIED] src=<destination address> dst=<source address> sport=22 \
dport=32775 use=2

This example contains all of the information the connection tracker knows about one connection. The first thing you see is the protocol name, in this case tcp. It is followed by a number in ordinary decimal notation (here 6, the protocol number for TCP). Next comes the lifetime of the entry in the table, i.e. the number of seconds after which the connection information will be removed from the table. In our case the entry will be kept for 117 seconds, unless of course further packets traverse this connection. Every time a packet passes through the connection, this value is reset to the default value for the connection's current state, and it then decreases by 1 every second. After that comes the actual state of the connection; in our example it is SYN_SENT. The internal representation of the state differs slightly from the external one. The value SYN_SENT says that only a single TCP SYN packet has been seen on this connection so far. Then follow the sender's and recipient's addresses and the sender's and recipient's ports. Here you can also see the keyword [UNREPLIED], which states that no return traffic has yet been seen on this connection. Finally comes additional information about the packet: the sender's and recipient's IP addresses again (the same ones, only swapped, since that is how the expected reply packet will look), and likewise the ports.

The entries in the table can take several values, all of which are defined in the header files include/linux/netfilter_ipv4/ip_conntrack*.h. The default values depend on the protocol type: each of the IP protocols TCP, UDP and ICMP has its own default values, defined in the header file include/linux/netfilter_ipv4/ip_conntrack.h. We will look at these values in more detail when we examine each of the protocols separately.

More recently, patch-o-matic gained a tcp-window-tracking patch, which makes all of the timeout values available through special variables and so allows them to be modified on the fly, i.e. the timeouts can be changed without recompiling the kernel.

The changes are made through sysctl variables under the directory /proc/sys/net/ipv4/netfilter. Pay particular attention to the /proc/sys/net/ipv4/netfilter/ip_ct_* variables.

Once a reply packet has been seen, the connection tracker removes the [UNREPLIED] flag and replaces it with the [ASSURED] flag. This flag indicates that the connection is assured, and that this entry will not be dropped when the table reaches its maximum number of tracked connections. The maximum number of entries the table can hold depends on a default value that, in recent kernels, can be set via the ipsysctl function. For 128 MB of RAM this value is 8192 entries; for 256 MB it is 16376. You can view and modify this value through the variable /proc/sys/net/ipv4/ip_conntrack_max.
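As an added illustration of the entry format described above and of the [UNREPLIED]/[ASSURED] flags (example code written for this page, not part of the original text or of the iptables project), the following parser turns /proc/net/ip_conntrack lines into structured records and counts the half-open entries per protocol, which is the number to watch when the table approaches ip_conntrack_max. The sample lines are constructed, with RFC 5737 documentation addresses.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of /proc/net/ip_conntrack output (not from the page).
SAMPLE = """\
tcp 6 117 SYN_SENT src=192.0.2.10 dst=192.0.2.20 sport=32775 dport=22 [UNREPLIED] src=192.0.2.20 dst=192.0.2.10 sport=22 dport=32775 use=2
tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=40000 [ASSURED] use=1
udp 17 29 src=192.0.2.10 dst=192.0.2.1 sport=5353 dport=53 [UNREPLIED] src=192.0.2.1 dst=192.0.2.10 sport=53 dport=5353 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")

@dataclass
class ConntrackEntry:
    proto: str
    proto_num: int       # decimal protocol number (6 = TCP, 17 = UDP)
    timeout: int         # seconds left before the entry is removed
    state: Optional[str] # TCP state name; UDP/ICMP entries carry none
    original: dict       # tuple of the first packet seen
    reply: dict          # expected reply tuple (addresses and ports swapped)
    unreplied: bool      # no return traffic seen yet
    assured: bool        # entry survives table-full eviction

def parse_line(line: str) -> ConntrackEntry:
    fields = line.split()
    proto, proto_num, timeout = fields[0], int(fields[1]), int(fields[2])
    # A TCP entry has a state name before the tuples; UDP goes straight to src=.
    state = None if "=" in fields[3] or fields[3].startswith("[") else fields[3]
    pairs = KV.findall(line)
    # Everything before the second src= is the original direction; the rest,
    # minus the use= reference count, is the expected reply direction.
    split = [i for i, (k, _) in enumerate(pairs) if k == "src"][1]
    original = dict(pairs[:split])
    reply = {k: v for k, v in pairs[split:] if k != "use"}
    return ConntrackEntry(proto, proto_num, timeout, state, original, reply,
                          "[UNREPLIED]" in line, "[ASSURED]" in line)

def parse_table(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def unreplied_summary(entries) -> dict:
    """Count entries per protocol that never saw a reply; a steady climb of
    these is what a table filling with half-open connections looks like."""
    counts: dict = {}
    for e in entries:
        if e.unreplied:
            counts[e.proto] = counts.get(e.proto, 0) + 1
    return counts

if __name__ == "__main__":
    for e in parse_table(SAMPLE):
        print(e.proto, e.state, e.timeout, "UNREPLIED" if e.unreplied else "", "ASSURED" if e.assured else "")
    print(unreplied_summary(parse_table(SAMPLE)))
```

On a live system, replace SAMPLE with the contents of /proc/net/ip_conntrack (or nf_conntrack on newer kernels, whose lines carry an extra address-family column and need the field offsets adjusted).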