All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira <pablo@eurodev.net>
To: Michael Varga <mike.varga@cavium.com>
Cc: netfilter-devel@lists.netfilter.org, netfilter@lists.netfilter.org
Subject: Re: netfilter hook not working with fragments
Date: Thu, 10 Feb 2005 23:06:00 +0100	[thread overview]
Message-ID: <420BDAC8.3080300@eurodev.net> (raw)
In-Reply-To: <19c901c50f35$a4afb8b0$a610a8c0@niche>

Michael Varga wrote:

>Hi,
>
>I wrote a NF_IP_PRE_ROUTING hook to capture packets
>for an IPSec implimentation.
>
>Is there a way to make netfilter assemble fragments before=20
>recieving them in my netfilter hook?
>  
>

If you use a kernel 2.4, you won't see any fragments since netfilter 
assembles them before hitting NF_IP_PRE_PREROUTING. On the other hand, 
if your box runs a kernel 2.6,  assemble them by yourself. Have a look 
at skb_linearize. Previously check that it's non linear with 
skb_is_non_linear.

http://lxr.linux.no/source/include/linux/skbuff.h#L1041
http://lxr.linux.no/source/include/linux/skbuff.h#L655

Since you get packets from interrupt context, make sure you pass the 
GFP_ATOMIC flag to skb_linearize.

--
Pablo


  reply	other threads:[~2005-02-10 22:06 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-02-10  5:59 netfilter hook not working with fragments Michael Varga
2005-02-10  5:59 ` Michael Varga
2005-02-10 22:06 ` Pablo Neira [this message]
2005-02-16 22:04   ` Packet mangle issues with retransmissions Scott MacKay

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=420BDAC8.3080300@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=mike.varga@cavium.com \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.