Re: Question about nf_conntrack_proto for IPsec

Naruto Nguyen wrote: > Could you please elaborate more on how generic tracker tracks ESP connection? All protocols that do not have a more specific l4 tracker are tracked based on l3 protocol + l4 proto number. IOW, any ESP packet sent between the same endpoint addresses is seen as matching a si

Re: Question about nf_conntrack_proto for IPsec

Hi Florian, Thanks a lot for your reply. Could you please elaborate more on how generic tracker tracks ESP connection? Brs, Bao On Wed, 26 Jun 2019 at 18:13, Florian Westphal wrote: > > Naruto Nguyen wrote: > > In linux/latest/source/net/netfilter/ folder, I only see we have > > nf_conntrack_

Re: Question about nf_conntrack_proto for IPsec

Naruto Nguyen wrote: > In linux/latest/source/net/netfilter/ folder, I only see we have > nf_conntrack_proto_tcp.c, nf_conntrack_proto_udp.c and some other > conntrack implementations for other protocols but I do not see > nf_conntrack_proto for IPsec, so does it mean connection tracking > cannot