WirelessRudy
Forum Guru
Topic Author
Posts: 3074
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Connection state 'new', how long "new"?

Wed Jan 05, 2011 3:30 am

How long does a connection apply for the mangle filter connection state = 'new'?

When the first packet passes through the connection tracker, a connection is initiated, and the mangle filter in prerouting gives this 'new' connection a connection mark; then, when the next filter in the 'forward' chain filters the packet again to give it another connection mark, is this connection still to be considered 'new'?
It looks like in this second instance my filter with conn. state 'new' misses this connection now...

So what exactly is the difference between 'new' and 'established'? Is this something only the router decides? When a new src-IP+port<>dst-IP+port connection is made it is new, but for how long? Only the first byte? Or the first millisecond, the first second? Only the first time it passes A filter in the mangle? (What if it also passes the /firewall/filter filter?)
When is new really new in this respect?
 
WirelessRudy

Re: Connection state 'new', how long "new"?

Wed Jan 05, 2011 3:43 am

Next question in this respect:

If I filter packets with conn. state = new for PCC and give them a new conn. mark in the prerouting chain (followed by a routing mark for policy routing), and if I then filter the same packet in the forward chain to give it another new conn. mark (for another, next purpose, QoS), does it now mean the first connection mark given by the PCC rule is overwritten?

Would this mean that if PCC is used for policy routing, after the packet has passed the routing process (= result of PCC in prerouting chain) and the QoS process (= result of service labelling in forward chain for Queue Tree), the first conn. mark given by the PCC/prerouting filter does not exist anymore? So the next packets belonging to the same connection are not passing the PCC filter anymore (since the conn. state is not 'new' anymore?) and these packets are not policy routed but instead follow the default route for packets without a routing mark?

Do I have to filter every packet for PCC again, even on established connections? I think so?
Any ideas?
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Connection state 'new', how long "new"?

Wed Jan 05, 2011 3:51 am

For UDP, only the first packet of a connection between two unique IP/port tuples is new; all return packets and subsequent packets are established. For TCP the first three packets are new (three-way handshake: SYN, SYN/ACK, ACK); everything thereafter is established.

Packets can only belong to one connection, and each connection can only have one mark. Every packet can also have an independent packet mark and an independent routing mark. So you can mark connections for policy routing purposes (routing marks derived from the connection mark) and use the packet mark independently for QoS purposes (but not use the connection mark for QoS decisions), or vice versa.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
WirelessRudy

Re: Connection state 'new', how long "new"?

Thu Jan 06, 2011 12:25 am

Hi fewi, thanks again for your informative reply, but it took me some time to digest what you wrote there..

I also got a reply in a related discussion:
http://forum.mikrotik.com/viewtopic.php ... 11#p243711

So what I do now is basically have the PCC in the prerouting chain assign routing marks only to packets, so the routing decision is now based upon these.
Then in the forward chain I mark the connections, followed by the packet mark for these connections (so return traffic and subsequent traffic get the same mark, as they all belong to the same connection), and use these for my QoS.

I think this is a proper way of doing things....
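One way to write out the layout discussed in this thread (fewi's point that the connection mark can serve only one purpose, and the final arrangement above: PCC sets routing marks in prerouting, the forward chain sets connection marks and packet marks for the queue tree) as a RouterOS configuration. This is an added example, not configuration from the posts or from MikroTik documentation. Interface names (ether1 = LAN, ether2/ether3 = two WANs), the gateways 10.1.1.1 and 10.2.2.1, the mark names, the port numbers and the bandwidth figures are all assumptions; the syntax is RouterOS v5 style as used at the time of the thread (in v7, `routing-mark` on routes became `routing-table`, and the queue tree parent `global-out` became `global`).

```routeros
# Added example, not from the thread. Assumed topology: ether1 = LAN,
# ether2 = WAN1 (gateway 10.1.1.1), ether3 = WAN2 (gateway 10.2.2.1).

/ip firewall mangle
# 1) Policy routing in prerouting. PCC hashes src/dst address and port, so
#    every packet of one connection (in the LAN->WAN direction) falls into
#    the same bucket. The rule therefore runs on every LAN packet, not only
#    on connection-state=new, and sets only the routing mark; the
#    connection mark is left free for the QoS rules below.
add chain=prerouting in-interface=ether1 dst-address-type=!local \
    per-connection-classifier=both-addresses-and-ports:2/0 \
    action=mark-routing new-routing-mark=to_WAN1 passthrough=yes \
    comment="PCC bucket 0 -> WAN1"
add chain=prerouting in-interface=ether1 dst-address-type=!local \
    per-connection-classifier=both-addresses-and-ports:2/1 \
    action=mark-routing new-routing-mark=to_WAN2 passthrough=yes \
    comment="PCC bucket 1 -> WAN2"

# 2) QoS in forward. The connection mark is written once, on the first
#    packet of the connection. A later mark-connection rule matching the
#    same connection would overwrite it, which is why only one purpose
#    (QoS) uses the connection mark here.
add chain=forward connection-state=new protocol=tcp dst-port=80,443 \
    action=mark-connection new-connection-mark=web_conn passthrough=yes
add chain=forward connection-state=new protocol=udp dst-port=5060 \
    action=mark-connection new-connection-mark=voip_conn passthrough=yes
# The packet mark is derived from the connection mark on every packet in
# both directions, so return and subsequent traffic land in the same queue.
add chain=forward connection-mark=web_conn \
    action=mark-packet new-packet-mark=web_pkt passthrough=no
add chain=forward connection-mark=voip_conn \
    action=mark-packet new-packet-mark=voip_pkt passthrough=no

/ip route
add dst-address=0.0.0.0/0 gateway=10.1.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.1 routing-mark=to_WAN2 check-gateway=ping
# Packets without a routing mark (replies arriving on a WAN interface are
# not matched by in-interface=ether1) use the main table.
add dst-address=0.0.0.0/0 gateway=10.1.1.1 distance=1
add dst-address=0.0.0.0/0 gateway=10.2.2.1 distance=2

/queue tree
add name=voip parent=global-out packet-mark=voip_pkt priority=1 limit-at=1M max-limit=2M
add name=web parent=global-out packet-mark=web_pkt priority=5 max-limit=10M
```

To check that the marks behave as intended, `/ip firewall connection print` shows the connection mark held by each tracked connection (there is exactly one per connection), and `/ip firewall mangle print stats` shows the hit counters: the PCC rules should count every LAN packet, the mark-connection rules only the first packet of each matching connection, and the mark-packet rules every packet of those connections in both directions. If a second mark-connection rule is ever added to the forward chain for another purpose, the connection list will show only the last mark written, which is the overwrite asked about earlier in the thread.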
