Re: NF_IP_LOCAL_OUT and libnet

Hi Amit,

> hi
>
>   Suppose I use libnet to inject packets into the kernel .. suppose they
> are tcp packets with a different src ip and dest ip from my machine's ip
> .... which netfilter hook can I expect this packet to hit first ... the
> NF_IP_LOCAL_OUT or the NF_IP_PRE_ROUTING hook .. ?

I think only NF_IP_LOCAL_OUT will be hit.

> the netfilter unreliable guides state this
>
> "The NF_IP_LOCAL_OUT [5] hook is called for locally generated packets.
> Here you can see that routing occurs after this hook is called: in fact,
> the routing code is called first (to figure out the source IP address and
> some IP options), and called again if the packet is altered"
>
> Here what do we mean by "locally generated packets", the packets generated
> by that machine's application (irrespective of what src and dest ip that
> packet carries) or the packets that have src_ip == that of this
> machine (irrespective of whether they were generated by applications on
> this machine or if they are coming from the network ??)

As far as I understand, we cannot decide whether a packet is locally
generated based only on its src_ip. Those packets that pass through SNAT
should not be thought of as locally generated by the machine, since these
two kinds of packets pass through different routines in the kernel.

Jee

> Please explain.
>
> thanks
> Amit


