Hello, On Mon, 9 Aug 2004, Martin A. Brown wrote: > Does it happen before NF_IP_PRE_ROUTING (PREROUTING) or not? After > Does it only happen at route selection time? Yes, input route only > If I understand the path correctly, the functions are traversed in this > order (from most deeply nested first): > > fib_validate_source() > ip_route_input_slow() > ip_route_input() > > ip_rcv_finish() > ip_rcv() The above is correct > It seems that ip_rcv() (in ip_input.c) calls the following, and I simply > do not understand what this means: > > return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, > ip_rcv_finish); > > I'm guessing that NF_IP_PRE_ROUTING (the PREROUTING hooks) are called > before ip_rcv_finish is called, which means that the rp_filter action > doesn't occur until after the PREROUTING hooks. Yes, routing happens after DNAT (prerouting), so rp_filter works with translated addresses. > Is this accurate? Can anybody shed some light? Is my interpretation > accurate? Yes, > Thank you very much, > > -Martin > > [0] http://www.ussg.iu.edu/hypermail/linux/kernel/0002.1/1522.html > [1] http://open-source.arkoon.net/kernel/kernel_net.png Regards -- Julian Anastasov <ja@xxxxxx> _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
