
Conntrack turns a blind eye to dropped SYNs

What's this blog post about?

The post describes conntrack, the connection tracking layer of the Linux kernel, and how it plugs into the network stack. Conntrack does not see packets on its own: it registers callbacks with the Netfilter framework and is invoked from the Netfilter hooks baked into the receive and transmit paths, so what it observes depends on where in that hook chain a packet is stopped. The author then asks what conntrack records when the firewall drops a TCP SYN, and shows why, as the title says, the answer is nothing: conntrack allocates an entry for the new flow in an early hook but only commits it to the table in its final hook, so a SYN dropped by a filter rule between those two points never appears in the conntrack table. Along the way the post shows how to study the live network stack with drgn, bpftrace and Ftrace, cross-referencing what they report against the kernel source.
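The behaviour the post investigates, as a small Python model added here (this is not code from the Cloudflare post, nor kernel code): packets traverse the PREROUTING and LOCAL_IN hook chains in ascending priority order, conntrack's nf_conntrack_in hook allocates an unconfirmed entry in PREROUTING, and nf_conntrack_confirm only inserts it into the table as the very last hook of LOCAL_IN. The hook priority constants are the real ones from include/uapi/linux/netfilter_ipv4.h; the Packet and Conntrack classes, the rule helper, the `deliver_locally` function and the "SYN_SENT" state string are constructed for the illustration. A drop rule in the filter INPUT chain, or in the raw table ahead of conntrack, leaves the table empty while the rule's own counter still records the hit.

```python
"""Toy model of the receive-path Netfilter hook chain and conntrack's
two-phase entry creation. Constructed example, not kernel code."""
import sys
from dataclasses import dataclass, field

NF_ACCEPT = "NF_ACCEPT"
NF_DROP = "NF_DROP"

# Real hook priorities from include/uapi/linux/netfilter_ipv4.h.
NF_IP_PRI_RAW = -300
NF_IP_PRI_CONNTRACK = -200
NF_IP_PRI_FILTER = 0
NF_IP_PRI_CONNTRACK_CONFIRM = sys.maxsize  # INT_MAX in the kernel


@dataclass(frozen=True)
class Packet:  # constructed stand-in for an skb
    src: str
    dst: str
    dport: int
    syn: bool = True


@dataclass
class Conntrack:
    """nf_conntrack_in allocates an *unconfirmed* entry early in PREROUTING;
    nf_conntrack_confirm inserts it into the table only at the end of LOCAL_IN."""
    table: dict = field(default_factory=dict)        # what `conntrack -L` lists
    unconfirmed: dict = field(default_factory=dict)  # tied to in-flight skbs only

    @staticmethod
    def tuple_of(pkt):
        return (pkt.src, pkt.dst, pkt.dport)

    def nf_conntrack_in(self, pkt):
        t = self.tuple_of(pkt)
        if t not in self.table and t not in self.unconfirmed:
            self.unconfirmed[t] = "SYN_SENT"  # assumed state label
        return NF_ACCEPT

    def nf_conntrack_confirm(self, pkt):
        t = self.tuple_of(pkt)
        if t in self.unconfirmed:
            self.table[t] = self.unconfirmed.pop(t)
        return NF_ACCEPT

    def skb_freed(self, pkt):
        """Freeing a dropped skb destroys the unconfirmed entry attached to it."""
        self.unconfirmed.pop(self.tuple_of(pkt), None)


def run_chain(hooks, pkt):
    """Run one hook chain in ascending priority order; the first NF_DROP wins."""
    for _prio, fn in sorted(hooks, key=lambda h: h[0]):
        if fn(pkt) == NF_DROP:
            return NF_DROP
    return NF_ACCEPT


def make_drop_rule(dport, counter):
    """Model of 'iptables ... -p tcp --syn --dport N -j DROP' with a hit counter."""
    def rule(pkt):
        if pkt.syn and pkt.dport == dport:
            counter["dropped"] += 1
            return NF_DROP
        return NF_ACCEPT
    return rule


def deliver_locally(pkt, ct, filter_rule=None, raw_rule=None):
    """Receive path of a locally destined packet: PREROUTING, then LOCAL_IN."""
    def accept(_pkt):
        return NF_ACCEPT
    prerouting = [
        (NF_IP_PRI_RAW, raw_rule or accept),         # raw table runs before conntrack
        (NF_IP_PRI_CONNTRACK, ct.nf_conntrack_in),
    ]
    local_in = [
        (NF_IP_PRI_FILTER, filter_rule or accept),   # filter INPUT chain
        (NF_IP_PRI_CONNTRACK_CONFIRM, ct.nf_conntrack_confirm),
    ]
    for chain in (prerouting, local_in):
        if run_chain(chain, pkt) == NF_DROP:
            ct.skb_freed(pkt)
            return NF_DROP
    return NF_ACCEPT


def scenario(drop_in="none"):
    """Send one SYN to port 80; return (verdict, table, unconfirmed, rule hits)."""
    ct = Conntrack()
    hits = {"dropped": 0}
    rule = make_drop_rule(80, hits)
    pkt = Packet("10.0.0.2", "10.0.0.1", 80)  # constructed sample packet
    verdict = deliver_locally(
        pkt, ct,
        filter_rule=rule if drop_in == "filter" else None,
        raw_rule=rule if drop_in == "raw" else None,
    )
    return verdict, dict(ct.table), dict(ct.unconfirmed), hits["dropped"]


if __name__ == "__main__":
    for where in ("none", "filter", "raw"):
        print(where, scenario(where))
```

The practical consequence is the one the post's title states: if you want to count or log SYNs the firewall rejects, read the dropping rule's own packet counters or trace the drop itself, not the conntrack table, because a dropped SYN is discarded before conntrack ever confirms the entry it had prepared.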

Company
Cloudflare

Date published
March 4, 2021

Author(s)
Jakub Sitnicki

Word count
2920

Hacker News points
15

Language
English


By Matt Makai. 2021-2024.