* What is special about loopback
@ 2008-01-17 14:08 DI Roman Fiedler
0 siblings, 0 replies; only message in thread
From: DI Roman Fiedler @ 2008-01-17 14:08 UTC (permalink / raw)
To: Mail List - Netfilter
Hi All,
There are some statements that PREROUTING modifications are not possible
on packets transmitted via loopback. It seems that there is some kind of
"short-circuit" when sending packets from localhost to localhost, I
guess for speed advantage.
The image
http://upload.wikimedia.org/wikipedia/de/5/5f/Nfk-traversal.png states
that a packet would have to enter the kernel with ip_rcv to pass the
complete netfilter architecture again, but loopback uses netif_rx(skb)
to feedback sent packets.
Is the assumption correct, that a modified loopback module or some other
virtual network module could feed back packets in a way that the pass
the complete filtering arch or would the local routing tables make any
efforts useless (even when local routing is modified)? Has someone
already used such a thing for iptables testing? Or would two connected
tun devices (local tunnel) do the trick?
greetings, Roman
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-01-17 14:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-17 14:08 What is special about loopback DI Roman Fiedler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox