NF_IP_POST_ROUTING hook question (2.4)

NF_IP_POST_ROUTING hook question (2.4)

[Yakov Lerner]

In the NF_IP_POST_ROUTING hook function, how can I
tell that packet originated locally vs was forwarded ?
I need to hook NF_IP_POST_ROUTING not NF_IP_FORWARD.

I'd expect that 'net_device *in' argument to be  not NULL for
forwarded packets.

But what I see is NULL for both forwarded  and locally sent packets
(in NF_IP_POST_ROUTING hook).
Which field of skb can  tell me that packet originated locally ?

Yakov

Re: NF_IP_POST_ROUTING hook question (2.4)

[Jozef Hamar]

Hi,

frankly, I'm also surprised that the 'net_device *in' is NULL.

Probably there is much simpler way to do that than my idea, but have  
you tried to mark somehow those packets in NF_IP_FORWARD and in  
NF_IP_POST_ROUTING matching only those packets?

Another think... why do you want to match forwarded packets in  
NF_IP_POST_ROUTING? I don't see the point, but presume that you know  
what you are doing...

  ---
  Jozef Hamar

  _   _   _   _   _   _   _   _   _   _   _   _   _   _   _   _   _   _
   `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´ `-´

  I must not fear. Fear is the mind-killer. Fear is the little-death that
  brings total obliteration. I will face my fear. I will permit it to pass
  over me and through me. And when it has gone past I will turn the inner
  eye to see its path. Where the fear has gone there will be nothing.
  Only  I will remain.


Quoting Yakov Lerner <iler.ml@gmail.com>:

> In the NF_IP_POST_ROUTING hook function, how can I
> tell that packet originated locally vs was forwarded ?
> I need to hook NF_IP_POST_ROUTING not NF_IP_FORWARD.
>
> I'd expect that 'net_device *in' argument to be  not NULL for
> forwarded packets.
>
> But what I see is NULL for both forwarded  and locally sent packets
> (in NF_IP_POST_ROUTING hook).
> Which field of skb can  tell me that packet originated locally ?
>
> Yakov
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

NF_IP_POST_ROUTING hook & sk_buff struct

[Garrick il Bardo]

Hi,
if I write a NF_IP_POST_ROUTING hook (for kernel
2.6.21) to SNAT some TCP packets, can I suppose that
(for TCP packets) TCP Payload is contiguous to TCP
Header in struct sk_buff (payload pointer = skb->h->th
+ (skb->h->th->doff * 4) ) ? If not, is there a
function that assure me this result ?

I'm writing a NF_IP_POST_ROUTING hook for kernel
2.6.21, but it does right SNAT and checksum
calculation only for TCP packet without payload,
because TCP payload seems to be not contiguous to TCP
Header in struct sk_buff!

Thanks,
Maurizio


---
Maurizio


(o<                                    (@_
//\                                    //\
V_/_....Powered By Ubuntu GNU/Linux....V_/_


      ___________________________________ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: http://it.docs.yahoo.com/nowyoucan.html