Re: [LARTC] packet in the kernel

From: Rodolfo Brasnarof <rodob@datafull.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] packet in the kernel
Date: Wed, 07 Mar 2007 11:43:39 +0000	[thread overview]
Message-ID: <20070307084339.545405bd@localhost> (raw)
In-Reply-To: <a6f3d2ff87e099b50784ed18c3ad37f9@85.18.136.107>

[-- Attachment #1: Type: text/plain, Size: 949 bytes --]

On Wed, 7 Mar 2007 10:53:12 +0100
Simone84bo <simone84bo@email.it> wrote:

> Hi all,
> Can someone say me the theoretic way of packet in the kernel.

Perhaps this diagram can help you:

	http://l7-filter.sourceforge.net/PacketFlow.png

I'll attach another one in asciiart I picked from somewhere (maybe
this list itself).

> When the packet will be send to a IMQ device?
> When the packet arrives to post routing time?
> When operation of NAT occur? befor or later that the packet will send
> to net device?

When loading imq module, my kernel says:

	IMQ starting with 2 devices...
	IMQ driver loaded successfully.
	        Hooking IMQ before NAT on PREROUTING.
	        Hooking IMQ after NAT on POSTROUTING.

This is the default option, but you can choose from all 4 options at
compile time:

	CONFIG_IMQ=m
	# CONFIG_IMQ_BEHAVIOR_AA is not set
	# CONFIG_IMQ_BEHAVIOR_AB is not set
	CONFIG_IMQ_BEHAVIOR_BA=y
	# CONFIG_IMQ_BEHAVIOR_BB is not set

[-- Attachment #2: packetflow.txt --]
[-- Type: text/plain, Size: 4945 bytes --]

    Kernel Packet Traveling Diagram

                            Network
                    -----------+-----------
                               |
                  +--------------------------+
          +-------+-------+        +---------+---------+
          |    IPCHAINS   |        |      IPTABLES     |
          |     INPUT     |        |     PREROUTING    |
          +-------+-------+        | +-------+-------+ |
                  |                | |   conntrack   | |
                  |                | +-------+-------+ |
                  |                | |    mangle     | | <- MARK WRITE  
                  |                | +-------+-------+ |
                  |                | |      IMQ      | |
                  |                | +-------+-------+ |
                  |                | |      nat      | | <- DEST REWRITE
                  |                | +-------+-------+ |     DNAT or REDIRECT or DE-MASQUERADE
                  |                +---------+---------+
                  +------------+-------------+
                               |
                       +-------+-------+
                       |      QOS      |
                       |    INGRESS    |
                       +-------+-------+
                               |
         packet is for +-------+-------+ packet is for
          this machine |     INPUT     | another address
        +--------------+    ROUTING    +--------------+
        |              |    + PDBB     |              |
        |              +---------------+              |
+-------+-------+                                     |
|   IPTABLES    |                                     |
|     INPUT     |                                     |
| +-----+-----+ |                                     |
| |   mangle  | |                                     |
| +-----+-----+ |                                     |
| |   filter  | |                                     |
| +-----+-----+ |                                     |
+-------+-------+                                     |
        |                               +---------------------------+
+-------+-------+                       |                           |
|     Local     |               +-------+-------+           +-------+-------+
|    Process    |               |    IPCHAINS   |           |    IPTABLES   |
+-------+-------+               |    FORWARD    |           |    FORWARD    |
        |                       +-------+-------+           | +-----+-----+ |
+-------+-------+                       |                   | |  mangle   | | <- MARK WRITE
|    OUTPUT     |                       |                   | +-----+-----+ |
|    ROUTING    |                       |                   | |  filter   | |
+-------+-------+                       |                   | +-----+-----+ |
        |                               |                   +-------+-------+
+-------+-------+                       |                           |
|    IPTABLES   |                       +---------------------------+
|     OUTPUT    |                                     |
| +-----------+ |                                     |
| | conntrack | |                                     |
| +-----+-----+ |                                     |
| |   mangle  | | <- MARK WRITE                       |
| +-----+-----+ |                                     |
| |    nat    | | <-DEST REWRITE                      |
| +-----+-----+ |     DNAT or REDIRECT                |
| |   filter  | |                                     |
| +-----+-----+ |                                     |
+-------+-------+                                     |
        |                                             |
        +----------------------+----------------------+
                               |
                  +------------+------------+
                  |                         |
          +-------+-------+       +---------+---------+
          |    IPCHAINS   |       |      IPTABLES     |
          |     OUTPUT    |       |    POSTROUTING    |
          +-------+-------        | +-------+-------+ |
                  |               | |    mangle     | | <- MARK WRITE  
                  |               | +-------+-------+ |
                  |               | |      nat      | | <- SOURCE REWRITE
                  |               | +-------+-------+ |      SNAT or MASQUERADE
                  |               | |      IMQ      | |
                  |               | +-------+-------+ |
                  |               +---------+---------+
                  +------------+------------+
                               |
                        +------+------+
                        |     QOS     |
                        |    EGRESS   |
                        +------+------+
                               |
                    -----------+-----------
                            Network

[-- Attachment #3: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc