Re: Snooping expected connections in a user CT helper

Hi Kevin, On Thu, Sep 08, 2016 at 03:02:13PM -0700, Kevin Cernekee wrote: > On Thu, Sep 1, 2016 at 4:47 PM, Kevin Cernekee wrote: > > The patch that I sent out last night is able to handle scenarios in > > which the event occurs shortly after the subscription is

Re: Snooping expected connections in a user CT helper

On Thu, Sep 1, 2016 at 4:47 PM, Kevin Cernekee wrote: > The patch that I sent out last night is able to handle scenarios in > which the event occurs shortly after the subscription is established. > But in my testing I am noticing two other problems: > > 1) Approximately two

Re: Snooping expected connections in a user CT helper

On Tue, Aug 23, 2016 at 8:36 AM, Pablo Neira Ayuso wrote: >> 2) Just noticed that the sane and tftp modules require Linux 3.12+. >> My test system is running 3.8. Does ssdp have a similar restriction, >> and if so, what would need to be backported? > > Userspace expectation

Re: Snooping expected connections in a user CT helper

On Mon, Aug 22, 2016 at 08:34:41PM -0700, Kevin Cernekee wrote: > On Wed, Aug 17, 2016 at 6:12 PM, Pablo Neira Ayuso > wrote: > > Looking at ctnetlink, it should be possible to make it via > > CTA_EXPECT_HELP_NAME. Thus, by when we find a matching expectation, > > the helper

Re: Snooping expected connections in a user CT helper

On Wed, Aug 17, 2016 at 6:12 PM, Pablo Neira Ayuso wrote: > Looking at ctnetlink, it should be possible to make it via > CTA_EXPECT_HELP_NAME. Thus, by when we find a matching expectation, > the helper is set to this new connection too. > > See line 1086 in

Snooping expected connections in a user CT helper

Hi, I am trying to extend the ssdp user helper in conntrackd to handle event subscriptions on a UPnP control point. The flow looks like this: 1) Outbound multicast M-SEARCH packet (dst: 1900/udp) - Create expectation for unicast reply from to source port 2) Inbound unicast reply (there may