Re: Kernel Packet Traveling Diagram

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2 Jul 2007, Edouard Thuleau wrote:


Thanks,
I know the older version of this diagram and this one is quite the same I
told below but the problem is the same for the DNAT. I made another test. I
change the DSCP value in the PREROUTING table and I put an ingress policing
which match this new dscp value but the filter doesn't match nothing (I work
on a Linux 2.6.17).
With my test, the older version (
http://www.imagestream.com/~josh/PacketFlow.jpg<http://www.imagestream.com/%7Ejosh/PacketFlow.jpg>)
of the diagram seams more exactly.
Don't know where I got this, but for as long as I can remember I've had this at the top of my scrips as a sort of quick ref. :) 

#   --->PRE------>[ROUTE]--->FWD---------->POST------>
#       Conntrack    |       Mangle   ^    Mangle
#       Mangle       |       Filter   |    NAT (Src)
#       NAT (Dst)    |                |
#       (QDisc)      |             [ROUTE]
#                    v                |
#                    IN Mangle       OUT Conntrack
#                    |  Filter        ^  Mangle
#                    |                |  NAT (Dst)
#                    v                |  Filter

Regards,
Mark.


Have you an idea ?

2007/7/2, nano bug <linnewbye@xxxxxxxxx>:


Hello,

I find this one more useful :

http://www.imagestream.com/~josh/PacketFlow-new.png<http://www.imagestream.com/%7Ejosh/PacketFlow-new.png>

On 7/2/07, Edouard Thuleau <thuleau@xxxxxxxxx> wrote:

> Hi,
>
> I find this diagram which details the kernel packet traveling :
> http://www.docum.org/docum.org/kptd/
> Is it up to date ?
> I made some test and I put a DNAT rules in the PREROUTING table of an
> interface and I attach it a ingress policy, the dst IP wasn't changed. the 
> DNAT it isn't yet make.
>
> I've another question (I'm not sure is it the good mailing list), for
> the fragment packet, I see the ingress policy doesn't work correctly and I'd 
> like to know where in the kernel travel of the packet the fragment are
> re-assemble ? At the NAT or in the routing ?
>
> Thanks,
> Edouard.
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>




_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux