I'm working on a NAT server in pure XDP. But to have robust NAT functionality I wanted to track the connections (storing and fetching tracking data), and I was thinking about using the already existing netfilter conntrack data structures and functions to help with packet processing in XDP. I have some knowledge about nf_conntrack, but I feel I'm missing something: I'm not sure exactly if I can just receive the packet and check with netfilter conntrack whether it's a new connection or not.
For example, if it's a new connection:
I can just call a netfilter conntrack function which can make a decision about what port I can assign as the public source port, and store the other info in a tuple.
And when the reply comes back, I can check in nf_conntrack that it's a reply, and just update the packet info and pass it to the internal network.
I got some inspiration from this repo: https://github.com/ti-mo/conntracct. But I see they are only doing statistics, so there the packets go through the normal kernel stack.
I feel a little confused, but if I managed to explain what I'm thinking about and you have a hint or a tip to direct me, I'd be grateful.
Thanks.
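Added example, not part of the original post: a user-space sketch in plain C of the tuple table the post describes (a new outbound flow gets a public source port and a reply tuple; a returning packet is matched on the reply tuple and rewritten back, anything unmatched is reported so the caller can drop it). The public address, port range and table size are constructed values; it stands in for the state an XDP program would keep in a BPF map, not for nf_conntrack itself.

```c
#include <stdint.h>
#include <stddef.h>
/* Flow key: IPv4 addresses and L4 ports (host byte order for readability) */
struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
/* Tracked connection: orig (private->remote) and the reply tuple after SNAT (remote->public) */
struct ct_entry { struct tuple orig, reply; int used; };
enum { CT_MAX = 64, PUB_PORT_MIN = 40000, PUB_PORT_MAX = 40063 }; /* constructed limits */
static struct ct_entry ct_table[CT_MAX];
static uint32_t pub_ip = 0xC0A80101u; /* constructed public address 192.168.1.1 */
static int tuple_eq(const struct tuple *a, const struct tuple *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}
/* Look up state by original tuple (dir 0) or by reply tuple (dir 1) */
static struct ct_entry *ct_find(const struct tuple *t, int dir) {
    for (int i = 0; i < CT_MAX; i++)
        if (ct_table[i].used && tuple_eq(t, dir ? &ct_table[i].reply : &ct_table[i].orig))
            return &ct_table[i];
    return NULL;
}
/* Pick a public source port so (remote ip, remote port, public port) stays unique */
static int alloc_pub_port(const struct tuple *orig) {
    for (int p = PUB_PORT_MIN; p <= PUB_PORT_MAX; p++) {
        struct tuple r = { orig->daddr, pub_ip, orig->dport, (uint16_t)p, orig->proto };
        if (!ct_find(&r, 1)) return p;
    }
    return -1; /* port range exhausted */
}
/* Outbound packet: reuse existing state or create it, then rewrite the source */
int nat_outbound(struct tuple *pkt) {
    struct ct_entry *e = ct_find(pkt, 0);
    if (!e) {
        int port = alloc_pub_port(pkt);
        for (int i = 0; port >= 0 && i < CT_MAX && !e; i++)
            if (!ct_table[i].used) e = &ct_table[i];
        if (!e) return -1; /* no free port or table full: caller drops */
        e->orig = *pkt;
        e->reply = (struct tuple){ pkt->daddr, pub_ip, pkt->dport, (uint16_t)port, pkt->proto };
        e->used = 1;
    }
    pkt->saddr = pub_ip; pkt->sport = e->reply.dport;
    return 0;
}
/* Inbound packet: translate only when it matches a reply tuple, else signal drop */
int nat_inbound(struct tuple *pkt) {
    struct ct_entry *e = ct_find(pkt, 1);
    if (!e) return -1; /* unsolicited: no state, do not forward */
    pkt->daddr = e->orig.saddr; pkt->dport = e->orig.sport;
    return 0;
}
```

In a real XDP program the same two lookups would be map operations keyed by the parsed header fields, and the rewrite would be followed by checksum updates, which this sketch omits.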