From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julian Anastasov <ja@ssi.bg>
Date: Mon, 17 Jun 2002 20:35:34 +0000
Subject: Re: [LARTC] ipchains + mark in output chain ?
Message-Id: <marc-lartc-102434613412400@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-102389248503844@msgid-missing>
In-Reply-To: <marc-lartc-102389248503844@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org


	Hello,

On Mon, 17 Jun 2002, Ciprian Niculescu wrote:

> aa ok, so why the subject is ipchains? :-)

	I'm just replying to the proposed iptables diagram.

> >>http://people.unix-fu.org/andreasson/iptables-tutorial/images/tables_traverse.jpg
> >>
> > 	Another wrong picture for iptables
>
>
> why???

	Read my posting again. The routing decision is before
OUTPUT not after OUTPUT. It should be looking something like:

local process -> output routing -> OUTPUT+output_rerouting(s) -> ...

Another problem: to what routing decision refers the diagram
after forward?

The forwarding should be:

prerouting -> input routing -> forward -> post_routing

Another bug, this time in the netfilter sources (iptable_mangle.c):

output_rerouting called from INPUT

> C

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/