Edouard Thuleau wrote:
> Hi,
> I found this diagram, which details how packets travel through the kernel:
> http://www.docum.org/docum.org/kptd/
> Is it up to date?
> I ran some tests: I put a DNAT rule in the PREROUTING table of an
> interface and attached an ingress policy to it, and the dst IP wasn't
> changed. The DNAT has not yet been done.
The default policer changed in 2.6 to hook before netfilter.
The kptd is correct for 2.4s. It's still possible to use the old policer
on 2.6 as well - IIRC you have to say N to packet action in your kernel
config and it should then give you the choice to enable the old policer.
IFB also hooks before netfilter - you can get IMQ to hook after
PREROUTING NAT.
> I have another question (I'm not sure whether this is the right mailing
> list): for fragmented packets, I see the ingress policy doesn't work
> correctly, and I'd like to know where in the packet's path through the
> kernel the fragments are reassembled. At NAT or in routing?
Not really sure about this.
Andy.