On Thu, May 02, 2002 at 07:44:12PM +0200, Patrick McHardy wrote: > Hi ! > > I have a question concerning nat code. After handing a struct > ip_nat_multi_range to ip_nat_setup_info the target doesn't see any > future packets from the original ip. is there a way to dermine when the > last packet for an ip/struct ip_nat_multi_range was handled by the nat > code ?
no, since NAT doesn't deal with state, and only conntrack notices when a connection is torn down. And what about timed out connections? You never know what was the last packet... The only idea could be to register some callback function with the conntrack destroy function, and then reading out the nat bindings out of the ip_conntrack struct before destroying it. > Thanks & Bye, > Patrick -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)