Netfilter and IPPROTO_RAW

Netfilter and IPPROTO_RAW

[Paul Rolland]

Hello,

I hope my question is not completely stupid....

I've read most of the documentation I can find related to Netfilter
in Kernel 2.4, and thru that, I now have a quite good idea of how to
use it...

My question is : at which place in the kernel does the Netfilter
code interact ?

I've a machine with more than one interface, and different default
routes.
To manage this, I have installed some rules :

/sbin/ip rule add from "IP.int.1" table eth1
/sbin/ip route add default via "IP.gw.1" dev eth1 table eth1

/sbin/ip rule add from "IP.int.2" table eth2
/sbin/ip route add default via "IP.gw.2" dev eth2 table eth2

This is supposed to route packets based on the source IP of the
packet, and throw it directly to the correct interface.

My problem is that one of the program we are using is sending
its packets to a socket that has been created by :
theSocket = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
and it seems from all the tests I've conducted that these packets
are bypassing all the rules aboved mentionned...

Is there a way to interact on packets sent to such a socket ?

Thanks for your help,
Regards,

Paul Rolland, rol@as2917.net

Re: Netfilter and IPPROTO_RAW

[Patrick Schaaf]

> My problem is that one of the program we are using is sending
> its packets to a socket that has been created by :
> theSocket = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
> and it seems from all the tests I've conducted that these packets
> are bypassing all the rules aboved mentionned...

Correct, as far as I know. Using RAW sockets is not "normal".
iptables caters to what "normal" usage needs. And that's basically
a good thing.

> Is there a way to interact on packets sent to such a socket ?

Change the app, or give it an LD_PRELOAD library overwriting
the recvmsg/sendmsg calls, or change the kernel so RAW sockets
have netfilter hooks. Those are your possibilities. Good luck.

best regards
  Patrick