public inbox for linux-kernel@vger.kernel.org
* How to pass packets up to protocols layer ?
@ 2001-06-28  9:58 Gautier Harmel
  0 siblings, 0 replies; 3+ messages in thread
From: Gautier Harmel @ 2001-06-28  9:58 UTC (permalink / raw)
  To: linux-kernel

I'm writing a module on Kernel 2.4. A part of this module can be viewed as
a firewall.
My module is logically located between the IP layer and the link layer.
In fact, the binding is done on NF_IP_POST_ROUTING for outgoing packets,
and on NF_IP_PRE_ROUTING for incoming packets.

I'd like my firewall to respond with a TCP/RST packet when a packet is
forbidden.

There is no problem with that when I send this packet over the network.
To do that:
    - I created a new skbuff, that I properly fill with TCP/IP headers.

    - I find the route by calling something like:
             if (ip_route_output(&rt, iph->daddr, iph->saddr,
                                 RT_TOS(iph->tos), 0) != 0)
                  return NULL;
             dev = rt->u.dst.dev;

    - Then I properly fill my sk_buff,

    - Later I send the packet with code like this:
            static inline int output_maybe_reroute(struct sk_buff *skb)
            {
                 return skb->dst->output(skb);
            }

            NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dev,
                    output_maybe_reroute);

There is no problem with that, it works fine that way!

My problem is that sometimes, I'd like to pass those RST packets UP to
the protocol layer.
Instead of sending packets on the network, I'd like to pass them up.
As it works for the sending way, I'm trying to do the same and just
modifying the last step by something like :

    - Pass my packet up to the protocol layer
            static inline int input_maybe_reroute(struct sk_buff *skb)
            {
                 return skb->dst->input(skb);
            }

            NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL,
                    input_maybe_reroute);

But of course it fails (in fact I don't even know what the
skb->dst->input() function should do)!
Does anyone have an idea on how to do something like that or where to find
doc?
When do we have to call ip_route_input()?

Thank you for your help

Gautier Harmel

PS: As I've not subscribed to the mailing list, could you please put
my email address in CC
Gautier.Harmel@qosmos.net
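
The TCP/RST the post above builds by hand must carry sequence numbers and a checksum the receiving TCP accepts, whether it is sent out or passed up. The following is an added example, not code from this thread: user-space C applying the RFC 793 reset-generation rule and the TCP checksum to such a reply. `struct seg`, `make_rst`, `rst_to_wire` and `tcp_csum` are hypothetical names, and the header is assumed to carry no options.

```c
#include <stdint.h>
#include <string.h>
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_ACK = 0x10 };
/* Hypothetical host-order view of the fields the reply depends on. */
struct seg { uint32_t saddr, daddr, seq, ack; uint16_t sport, dport, payload_len; uint8_t flags; };
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
/* Ones-complement sum of big-endian 16-bit words; an odd tail byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* TCP checksum over IPv4 pseudo-header + segment. Run over a segment whose
 * checksum field is already filled in, it returns 0 when the segment verifies. */
uint16_t tcp_csum(uint32_t saddr, uint32_t daddr, const uint8_t *tcp, uint16_t len)
{
    uint8_t ph[12] = {0};
    put32(ph, saddr); put32(ph + 4, daddr); ph[9] = 6; put16(ph + 10, len);
    uint32_t acc = sum16(tcp, len, sum16(ph, sizeof ph, 0));
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* RFC 793 reset generation for a rejected segment. Returns -1 if no reset may be sent. */
int make_rst(const struct seg *in, struct seg *rst)
{
    if (in->flags & TH_RST) return -1;               /* never answer a RST with a RST */
    memset(rst, 0, sizeof *rst);
    rst->saddr = in->daddr; rst->daddr = in->saddr;  /* reply travels the other way */
    rst->sport = in->dport; rst->dport = in->sport;
    if (in->flags & TH_ACK) {                        /* sender stated what it expects next */
        rst->seq = in->ack;
        rst->flags = TH_RST;
    } else {                                         /* e.g. bare SYN: ack what it consumed */
        rst->ack = in->seq + in->payload_len + !!(in->flags & TH_SYN) + !!(in->flags & TH_FIN);
        rst->flags = TH_RST | TH_ACK;
    }
    return 0;
}

/* Serialise the reset as a 20-byte TCP header and fill in its checksum. */
void rst_to_wire(const struct seg *r, uint8_t h[20])
{
    memset(h, 0, 20);                                /* window and urgent pointer stay 0 */
    put16(h, r->sport); put16(h + 2, r->dport); put32(h + 4, r->seq); put32(h + 8, r->ack);
    h[12] = 5 << 4; h[13] = r->flags;                /* data offset: five 32-bit words */
    put16(h + 16, tcp_csum(r->saddr, r->daddr, h, 20));
}
```

Because `make_rst` swaps the endpoints, the same routine covers both directions described in the post: a rejected outgoing segment yields a reset addressed to the local sender, a rejected incoming one yields a reset addressed to the remote peer.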




* Re: How to pass packets up to protocols layer ?
       [not found] <3B3AFFDE.2763D18F@qosmos.net.suse.lists.linux.kernel>
@ 2001-06-28 12:42 ` Andi Kleen
  2001-06-28 13:40   ` Alexey Vyskubov
  0 siblings, 1 reply; 3+ messages in thread
From: Andi Kleen @ 2001-06-28 12:42 UTC (permalink / raw)
  To: Gautier Harmel; +Cc: linux-kernel


Either use netif_rx()/ for complete packets that should go through the
whole stack again or nf_reinject() from your hook.

-Andi


* Re: How to pass packets up to protocols layer ?
  2001-06-28 12:42 ` Andi Kleen
@ 2001-06-28 13:40   ` Alexey Vyskubov
  0 siblings, 0 replies; 3+ messages in thread
From: Alexey Vyskubov @ 2001-06-28 13:40 UTC (permalink / raw)
  To: ext Andi Kleen; +Cc: Gautier Harmel, linux-kernel

> Either use netif_rx()/ for complete packets that should go through the
> whole stack again or nf_reinject() from your hook.

Is it really possible to call netif_rx from a netfilter hook? I try to
call netif_rx(skb) from a PRE_ROUTING hook (returning NF_STOLEN)
and the kernel immediately crashes, even if I did nothing with skb at all.
Why does it happen this way?

-- 
Alexey

