From: Gilad Ben-Yossef <gilad@benyossef.com>
To: Wang Hui <whui@mail.ustc.edu.cn>
Cc: ganda utama <gndutm@netscape.net>, linux-kernel@vger.kernel.org
Subject: Re: What dose 'general protection fault: 0000' mean?
Date: 11 Jun 2002 17:40:09 +0300 [thread overview]
Message-ID: <1023806415.8140.46.camel@sake> (raw)
In-Reply-To: <Pine.GSO.4.31L2A.0206111533530.27147-100000@mail>
On Tue, 2002-06-11 at 10:46, Wang Hui wrote:
> As you mentioned in your mail, you suggested me to make a Netfilter module
> to realize what I want. In fact, it is really a good choice. But as to
> my case, I have to modify the outgoing IP packet header. And after the
> modification, the outgoing IP packet's header will become a none-IP
> header( as defined in RFC 3095). So I dont know if this kind of
> modified packet could still traverse the netfilter chains? Will the
> kernel drop this 'strange header' packet (for the kernel cannot
> understand this kind of none-IP header)? Or say, where should I put my
> modification module in the netfilter chain as to avoid this dropping??
I understand completly the problem of not being able to *continue*
traversing the netfilter path because of the sk_buff no longer
containing a valid IP packet.
My suggestion is to use the netfilter (or even better iptables) system
to 'harvest' the packets, modify them and then do whatever needs to be
done to transmit them.
AFAIK RFC3095 has several modes of operations and only with some of them
the end result is a non IP packet where in the others the it is an
encapsulating IP packet. When you harvest the packet using
netfilter/iptables you can re-inject those packets to the stack if it is
apropriate (the end result in an IP packet) or directly to the transmit
queue of the device (when it isn't).
Aoother advantage of my suggestion is that you don't need to *alter* the
dev struct, so you don't need to worry about the race and other
conditions that are involved with such a thing.
It'll also enable you do neat tricks like use RFC3095 only for a
specific stream while leaving all the rest intact. Whether this actually
makes sense or not I don't know.
> To clearify my problem, I would like to draw a small picture here:
> [kernel ipv6 packet output] --> [My Module: modify the IP header to be a
> nono-IP header] --> [ put it to the device output queue to sent out]
To clarify my suggestion, I'm thinking of:
[ IP stack ] -> [Netfilter/iptables hook ] -> [Your module] if IP packet
-> [ IP stack] else -> [ device xmit queue ]
Gilad.
--
Gilad Ben-Yossef <gilad@benyossef.com>
Code mangler, senior coffee drinker and VP SIGSEGV
Qlusters ltd.
"A billion flies _can_ be wrong - I'd rather eat lamb chops than shit."
-- Linus Torvalds on lkml
next prev parent reply other threads:[~2002-06-11 14:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3D057CDD.3070307@netscape.net>
2002-06-11 5:36 ` What dose 'general protection fault: 0000' mean? Wang Hui
2002-06-11 6:27 ` Gilad Ben-Yossef
2002-06-11 7:46 ` Wang Hui
2002-06-11 14:40 ` Gilad Ben-Yossef [this message]
2002-06-11 2:09 Wang Hui
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1023806415.8140.46.camel@sake \
--to=gilad@benyossef.com \
--cc=gndutm@netscape.net \
--cc=linux-kernel@vger.kernel.org \
--cc=whui@mail.ustc.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox