* Packet checksum
@ 2004-02-04 12:58 Scott MacKay
2004-02-04 13:25 ` Pablo Neira
0 siblings, 1 reply; 3+ messages in thread
From: Scott MacKay @ 2004-02-04 12:58 UTC (permalink / raw)
To: netfilter-devel
When, in the great scheme of things, does packet
checksum (and potential packet drop for bad checksums)
occur? Is there a particular point in the netfilter
process or does it occur before/after the chains?
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Packet checksum
2004-02-04 12:58 Packet checksum Scott MacKay
@ 2004-02-04 13:25 ` Pablo Neira
2004-02-04 13:54 ` Scott MacKay
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira @ 2004-02-04 13:25 UTC (permalink / raw)
To: Scott MacKay, netfilter-devel
Hi Scott,
Scott MacKay wrote:
>When, in the great scheme of things, does packet
>checksum (and potential packet drop for bad checksums)
>occur? Is there a particular point in the netfilter
>process or does it occur before/after the chains?
>
>
AFAIK, the ip header checksum is done before the packet gets the
NF_PREROUTING hook,
so the packet will be drop before it hits netfilter.
Have a look at the ip_rcv(...) function
(http://lxr.linux.no/source/net/ipv4/ip_input.c#L418)
could anyone confirm this?
cheers,
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Packet checksum
2004-02-04 13:25 ` Pablo Neira
@ 2004-02-04 13:54 ` Scott MacKay
0 siblings, 0 replies; 3+ messages in thread
From: Scott MacKay @ 2004-02-04 13:54 UTC (permalink / raw)
To: Pablo Neira, netfilter-devel
TY!
-Scott
--- Pablo Neira <pablo@eurodev.net> wrote:
> Hi Scott,
>
> Scott MacKay wrote:
>
> >When, in the great scheme of things, does packet
> >checksum (and potential packet drop for bad
> checksums)
> >occur? Is there a particular point in the
> netfilter
> >process or does it occur before/after the chains?
> >
> >
> AFAIK, the ip header checksum is done before the
> packet gets the
> NF_PREROUTING hook,
> so the packet will be drop before it hits netfilter.
>
> Have a look at the ip_rcv(...) function
>
(http://lxr.linux.no/source/net/ipv4/ip_input.c#L418)
>
> could anyone confirm this?
>
> cheers,
> Pablo
>
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-02-04 13:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-02-04 12:58 Packet checksum Scott MacKay
2004-02-04 13:25 ` Pablo Neira
2004-02-04 13:54 ` Scott MacKay
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.