From: Patrick McHardy <kaber@trash.net>
To: Unit Zero <onyx@zero.fdns.net>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: A question about reinjecting packets
Date: Thu, 12 Feb 2004 17:10:53 +0100
Message-ID: <402BA58D.1030907@trash.net>
In-Reply-To: <Pine.LNX.4.56L0.0402121032040.759@zero.fdns.net>

Unit Zero wrote:
> I actually have been wondering about reinjecting packets for some time... 
> I've written some test code but had limited success in actually getting 
> the packets out onto the wire. My issue is this: I want to steal outbound 
> packets before they hit the net and use add_timer() to schedule a callback 
> which sends the packet out after a certain delay. (To implement 
> rate-limiting that doesn't drop packets, but delays them when they exceed 
> a certain throughput.)

This is not possible. If you rate-limit packets you have to drop them
at some point if the input rate constantly exceeds the service rate.
Besides, there is not much use in sending packets that have long been
retransmitted.

> 
> I assume that I should be hooking into LOCAL_OUTPUT, and returning 
> NF_STOLEN (??) for packets that I snatch. But I have the same problem as 
> Paul... what kernel routine do I use in the timer function to send the 
> packet onto the network?

Why don't you build into the qos subsystem? It has all the
infrastructure you need.

Regards,
Patrick

> 
> I think I've gotten some code which I hacked from the ipt_ROUTE target to 
> steal packets from netfilter and send them directly using ip_direct_send()
> from the ipt_ROUTE code, but they seem to re-enter netfilter and go 
> through the chains again, which causes an infinite loop when they get to
> the ip_direct_send() in the rule with my target again. So, basically, how 
> do I inject a packet AFTER the netfilter processing?
> 
> - V. M. Condino
> 
> On Wed, 11 Feb 2004, Paul Tipper wrote:
> 
> 
>>I've tried using ip6_xmit() (for which I constructed a struct flowi).
>>When I couldn't get that to work I prodded about some more and tried to use
>>the NF_HOOK macro to send it out on PF_INET6, NF_IP6_POST_ROUTING, however
>>the packet never seems to make it out onto the network and just vanishes
>>without a trace, which leads me to believe I've not converted it properly
>>and some nice piece of code further down the line is dropping it for
>>safety reasons.
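
The point made in the reply above about rate-limiting without drops, as an added example that is not part of the original thread: a tick-based FIFO model showing that when arrivals stay above the service rate, a queue that never drops grows its backlog and delay without bound, while a bounded queue has to drop. The function name, struct and rates are hypothetical and constructed for illustration; this is user-space C, not kernel code.

```c
#include <stdio.h>

struct shaper_stats {
    long sent;        /* packets released onto the wire */
    long dropped;     /* packets refused because the queue was full */
    long backlog;     /* packets still queued at the end */
    long worst_delay; /* longest wait, in ticks, faced by an accepted packet */
};

/*
 * Hypothetical model: in_rate packets arrive per tick, out_rate (> 0) packets
 * are released per tick, FIFO order. limit == 0 means "never drop".
 */
static struct shaper_stats simulate(long in_rate, long out_rate,
                                    long limit, long ticks)
{
    struct shaper_stats s = {0, 0, 0, 0};

    for (long t = 0; t < ticks; t++) {
        long accepted = 0;
        for (long i = 0; i < in_rate; i++) {
            if (limit && s.backlog >= limit) {
                s.dropped++;
            } else {
                s.backlog++;
                accepted++;
            }
        }
        /* The packet at the tail leaves after ceil(backlog / out_rate) ticks. */
        if (accepted) {
            long delay = (s.backlog + out_rate - 1) / out_rate - 1;
            if (delay > s.worst_delay)
                s.worst_delay = delay;
        }
        long out = s.backlog < out_rate ? s.backlog : out_rate;
        s.backlog -= out;
        s.sent += out;
    }
    return s;
}

int main(void)
{
    struct shaper_stats u = simulate(3, 2, 0, 1000);  /* constructed rates */
    struct shaper_stats b = simulate(3, 2, 10, 1000);
    printf("unbounded: backlog=%ld worst_delay=%ld\n", u.backlog, u.worst_delay);
    printf("bounded:   dropped=%ld worst_delay=%ld\n", b.dropped, b.worst_delay);
    return 0;
}
```

In the unbounded run the worst delay scales with the run length, which is the case where delayed packets go out long after the sender has retransmitted them.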
