Pb using DROP in a PREROUTING hook with ip6tables

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hadrien HAMEL <hamel@enseirb.fr>
To: netfilter-devel@lists.netfilter.org
Subject: Pb using DROP in a PREROUTING hook with ip6tables
Date: Fri, 15 Apr 2005 17:54:46 +0200	[thread overview]
Message-ID: <425FE3C6.6070807@enseirb.fr> (raw)

Hi,

I'm trying to develop a match module for filtering MLDv2 Reports packets
(multicast group management protocol in an IPv6 context). My module is
ready and works fine (at least, from what I see of the kernel messages I
print during the tests in the match function), and so I try to use it to
drop MLDv2 Reports.
Since MLDv2 is addressed to multicast group and not to a host address,
it is handled by the kernel before the routing stuff, so that I can't
use INPUT or FORWARD hooks. I must use the PREROUTING hook :

#ip6tables -t raw -A PREROUTING -p ipv6-icmp -m mldv2 -j DROP

Kernel messages show that the mldv2 packets are recognized (and so the
match function returns 1) but the packet aren't dropped. I've tried the
"mangle" table and the "raw" table, but both were ineffective. To be
sure that my module wasn't misbehaving, I tried to drop all the packets
in PREROUTING, with no effects. In comparison, the same command with
iptables (thus in IPv4) has blocked all the incoming packets (which is a
normal behaviour!).

Does anybody know if there is such a bug in ip6tables? Or is this a
misuse of it?

Thanks a lot!
Hadrien

next             reply	other threads:[~2005-04-15 15:54 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-15 15:54 Hadrien HAMEL [this message]
2005-04-17 22:14 ` Pb using DROP in a PREROUTING hook with ip6tables Patrick McHardy
2005-04-18 17:33   ` Hadrien HAMEL

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=425FE3C6.6070807@enseirb.fr \
    --to=hamel@enseirb.fr \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.