netfilter tftp helper

12-08-2006, 08:46 AM

Hi,
i am running a tftp setup in my lab as given

client router
server
192.168.0.1 192.168.0.2 (lan) 10.145.2.23(wan)
10.145.6.78

when i request server i read through the logs inside helper for the
first packet tftp recived in conntrack_helper_tftp.c help function as
org tuple
c2b682a4: 17 192.168.0.1:32770 -> 10.145.6.78:69
rep tuple c2b682bc: 17 10.145.6.78:69 -> 10.145.2.23:32770
and skbuff contents as 10.145.2.23:32770 -> 10.145.6.78:69

which i understand SNAT opteration has been done before it reaches
helper itself but what i expect is the tftp helper will be called when
the tftp packet before SNAT.

can any one explain where tftp helper will be called

12-08-2006, 08:28 PM

muruga wrote:
> Hi,
> i am running a tftp setup in my lab as given
>
> client router
> server
> 192.168.0.1 192.168.0.2 (lan) 10.145.2.23(wan)
> 10.145.6.78
>
>
>
> when i request server i read through the logs inside helper for the
> first packet tftp recived in conntrack_helper_tftp.c help function as
> org tuple
> c2b682a4: 17 192.168.0.1:32770 -> 10.145.6.78:69
> rep tuple c2b682bc: 17 10.145.6.78:69 -> 10.145.2.23:32770
> and skbuff contents as 10.145.2.23:32770 -> 10.145.6.78:69
>
> which i understand SNAT opteration has been done before it reaches
> helper itself but what i expect is the tftp helper will be called when
> the tftp packet before SNAT.
>
> can any one explain where tftp helper will be called
>

Get the TFTP specification. The server port (69) will be changed
to something else (called transaction ID, XID) after the first
pair of packets are exchanged, and the firewall has to follow
the change.

--

Tauno Voipio
tauno voipio (at) iki fi

12-10-2006, 04:01 AM

Tauno Voipio wrote:
> muruga wrote:
> > Hi,
> > i am running a tftp setup in my lab as given
> >
> > client router
> > server
> > 192.168.0.1 192.168.0.2 (lan) 10.145.2.23(wan)
> > 10.145.6.78
> >
> >
> >
> > when i request server i read through the logs inside helper for the
> > first packet tftp recived in conntrack_helper_tftp.c help function as
> > org tuple
> > c2b682a4: 17 192.168.0.1:32770 -> 10.145.6.78:69
> > rep tuple c2b682bc: 17 10.145.6.78:69 -> 10.145.2.23:32770
> > and skbuff contents as 10.145.2.23:32770 -> 10.145.6.78:69
> >
> > which i understand SNAT opteration has been done before it reaches
> > helper itself but what i expect is the tftp helper will be called when
> > the tftp packet before SNAT.
> >
> > can any one explain where tftp helper will be called
> >
>
> Get the TFTP specification. The server port (69) will be changed
> to something else (called transaction ID, XID) after the first
> pair of packets are exchanged, and the firewall has to follow
> the change.
>
> --
>
> Tauno Voipio
> tauno voipio (at) iki fi

i just asked when will the contrack helper for TFTP will be called for
the first packet?
it will be input chain or output chain after SNAT is done.........

murugan

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
IP Helper API on linux	yevvi@yahoo.com	Linux Networking	0	01-17-2007 02:55 AM
when will the netfilter conntrack helper will be called?	muruga	Linux Networking	0	12-11-2006 02:26 AM
netfilter conntrack helper routine calling sequence	muruga	Linux Networking	1	12-08-2006 08:30 PM
IP Helper API for windows 98	jegathesan	Windows Networking	0	01-03-2004 12:50 PM
IP Helper API download	jegathesan	Windows Networking	0	01-03-2004 12:44 PM