Hi. First of all - I am a beginner in kernel programming, so my question can be very stupid. Sorry. I try to write simple firewall module and I find incomprehensible (at least for me) thing. I have Linux-machine with 2.6.17 kernel with my firewall module. My module register two hooks - LOCAL_OUT and PRE_ROUTING. With wget I try to download index.html from external WWW-server. I see in my module 3 handshake packets - they all normal. Then I see first packet with payload - it is TCP-packet with PSH and ACK flags and it is not normal at all. In this packet in tcp-data area I MUST see such string: "GET / HTTP/1.1..." or in HEX "4745 5420 2f20 4854 5450 2f31 2e31 ..." BUT I see such data in it: "0200 0100 0100 0000 0100 0000 0000 ....". As you can see - payload data wrong. IP and TCP headers - all normal. Length normal. Even more - if I return NF_ACCEPT on this packet - WWW-server got normal packet with normal payload data. If I use my Linux-machine as gateway (and catch forwarding packets by PRE_ROUTING hook) - I see this packet with normal data inside. So, I have some questions: 1) Is it possible? 2) If it is possible - what happens and where I can get normal payload data? P.S.: sorry if repeated question - I really was trying to find it in archive. P.P.S.: sorry for my English. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
