* about ip header options
@ 2012-11-07 22:38 Miguel Alejandro González
2012-11-08 12:42 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Miguel Alejandro González @ 2012-11-07 22:38 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 640 bytes --]
Hello
I have a netfilter module on the mangle table PREROUTING... I want to
validate unexpired routes in ipv4 headers, but I think the TCP/IP
stack already does this... because it is mentioned on the rfc 1812 so
I'm guessing it is already implemented by the kernel
but somehow my module catches the packet first before the kernel does
its magic...
As I understand the picture I'm attaching represents the whole process
the TCP/IP stack performs to handle the options in a IPv4 packet, but
I still don't understand how netfilter works with the stack
Do I have to process the packet's options in my module or what?
Please, help
Regards
[-- Attachment #2: Screenshot from 2012-11-07 15_50_47.png --]
[-- Type: image/png, Size: 51730 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: about ip header options
2012-11-07 22:38 about ip header options Miguel Alejandro González
@ 2012-11-08 12:42 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2012-11-08 12:42 UTC (permalink / raw)
To: Miguel Alejandro González; +Cc: netfilter-devel
Hi Miguel,
On Wed, Nov 07, 2012 at 04:38:54PM -0600, Miguel Alejandro González wrote:
> Hello
>
> I have a netfilter module on the mangle table PREROUTING... I want to
> validate unexpired routes in ipv4 headers, but I think the TCP/IP
> stack already does this... because it is mentioned on the rfc 1812 so
> I'm guessing it is already implemented by the kernel
>
> but somehow my module catches the packet first before the kernel does
> its magic...
>
> As I understand the picture I'm attaching represents the whole process
> the TCP/IP stack performs to handle the options in a IPv4 packet, but
> I still don't understand how netfilter works with the stack
This is rather old, but it helps to provide the big picture:
http://open-source.arkoon.net/kernel/kernel_net.png
> Do I have to process the packet's options in my module or what?
I think it's better if you try to explain what you're trying to do
with your new extension. That may help to attract people to help you.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-11-08 12:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-11-07 22:38 about ip header options Miguel Alejandro González
2012-11-08 12:42 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).