Conntrack turns a blind eye to dropped SYNs
This post discusses conntrack, the connection tracking layer in the Linux kernel, and how it interacts with the rest of the network stack. It explains that conntrack relies on the Netfilter framework to be notified about packets passing through the stack, attaching to the set of Netfilter hooks built into the stack. The author then walks through how to observe, from conntrack's point of view, a TCP SYN packet that the firewall drops, and along the way shows several ways to discover the inner workings of the Linux network stack: tools such as drgn, bpftrace and Ftrace, cross-referenced against the kernel source code.
Company: Cloudflare
Date published: March 4, 2021
Author(s): Jakub Sitnicki
Word count: 2920
Language: English
Hacker News points: 15