netdev.vger.kernel.org archive mirror
From: Thomas Graf <tgraf@suug.ch>
To: Weber Matthias <weber@faps.uni-erlangen.de>
Cc: bert hubert <ahu@ds9a.nl>, netdev@oss.sgi.com
Subject: Re: filtering packtes before OS takes care about them
Date: Tue, 1 Mar 2005 01:26:26 +0100
Message-ID: <20050301002626.GR31837@postel.suug.ch>
In-Reply-To: <09766A6E64A068419B362367800D50C0B58A18@moritz.faps.uni-erlangen.de>

> I need to develop a special gateway. It shall map external IPs to internal ports and external ports to internal IPs (kind of NAT but connections have to be established from external to internal network and vice versa!), so the sender, receiver addresses and ports have to be changed of each package received. Afterwards these packets shall be resent via one (out of more) interfaces. Therefore kernel's IP stuff disturbs me, but because I want to use TCP/IP at the gateway itself too (the computer runs applications using IP), I still need it.

I won't comment on the way you are about to solve your problem even if I
do think that it could be solved in a simpler way. In recent 2.6 kernels
the earliest filtering possibility is via the ingress qdisc right after
the skb has been received, see the ing_filter() call in netif_receive_skb(),
given you enable tc actions. In earlier kernels, or if tc actions are not
enabled, the netfilter prerouting hook is used, which gets invoked in the
IP code after some very basic sanity checks.

You can use the pedit action to modify the packet although the checksum
correction action is still missing which might bother you.
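
The checksum correction the reply says pedit lacks, as an added example that is not part of the original message: after the IPv4 destination address and TCP destination port are rewritten, both checksums are patched incrementally per RFC 1624. The function names and the sample packet are constructed for illustration, and the code assumes an IPv4/TCP packet with an even-length TCP segment.

```c
#include <stdint.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t fold(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }

/* RFC 1071 one's-complement sum of an even number of bytes, seeded with s. */
static uint16_t sum16(const uint8_t *p, size_t len, uint32_t s)
{
    for (size_t i = 0; i + 1 < len; i += 2)
        s += rd16(p + i);
    return fold(s);
}

/* RFC 1624 eq. 3: HC' = ~(~HC + ~m + m') when the 16-bit word m becomes m_new. */
static uint16_t csum_update16(uint16_t hc, uint16_t m, uint16_t m_new)
{
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m + m_new);
}

/* Rewrite IPv4 dst address and TCP dst port in place. The TCP checksum covers a
 * pseudo-header holding the addresses, so the address change patches it too. */
void nat_rewrite_dst(uint8_t *pkt, const uint8_t daddr[4], uint16_t dport)
{
    uint8_t *tcp = pkt + (pkt[0] & 0x0f) * 4, *ipc = pkt + 10, *tcpc = tcp + 16;
    for (int i = 0; i < 4; i += 2) {      /* the address is two 16-bit words */
        wr16(ipc,  csum_update16(rd16(ipc),  rd16(pkt + 16 + i), rd16(daddr + i)));
        wr16(tcpc, csum_update16(rd16(tcpc), rd16(pkt + 16 + i), rd16(daddr + i)));
    }
    wr16(tcpc, csum_update16(rd16(tcpc), rd16(tcp + 2), dport));
    memcpy(pkt + 16, daddr, 4);
    wr16(tcp + 2, dport);
}

/* Both checksums verify when the words they cover sum to 0xffff. */
int csums_ok(const uint8_t *pkt, size_t len)
{
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tlen = len - ihl;
    uint32_t pseudo = (uint32_t)sum16(pkt + 12, 8, 0) + 6 + (uint32_t)tlen; /* addrs, proto, len */
    return sum16(pkt, ihl, 0) == 0xffff && sum16(pkt + ihl, tlen, pseudo) == 0xffff;
}

/* Constructed sample: 198.51.100.7:50000 -> 203.0.113.10:8080, payload "ping". */
uint8_t sample_pkt[44] = {
    0x45,0x00,0x00,0x2c, 0x12,0x34,0x40,0x00, 0x40,0x06,0xc2,0x52,
    0xc6,0x33,0x64,0x07, 0xcb,0x00,0x71,0x0a, 0xc3,0x50,0x1f,0x90, 0,0,0,1, 0,0,0,0,
    0x50,0x02,0xff,0xff, 0x87,0xe6,0x00,0x00, 'p','i','n','g'
};
```

Calling `nat_rewrite_dst(sample_pkt, (const uint8_t[4]){10, 0, 0, 5}, 22)` leaves `csums_ok()` true, whereas overwriting the address bytes alone makes it false.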
