Re: Looking for small Confirmation about skb_pull & NF_ACCEPT !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Whenever you manipulate the packet before PRE_ROUTING point in the
stack, the kernel will decide whether to route the packet to LOCAL or
FORWARD. If you have pointer pointing to right IP header kernel will
use it to route. You really do not have to write routing code.

Also, when you say inner and outer header what do you mean by it. I
did not encounter this.

Thanks,
Sri.

On Thu, Apr 5, 2012 at 5:00 AM, SaNtosh kuLkarni
<santosh.yesoptus@xxxxxxxxx> wrote:
> i had a similar problem where in i was using SKB_PUSH to add extra
> header,,,, i used this... structure called flowi.... which can be used to
> define a sort of traffic class...based on some combination of fields
>
>
> iph->daddr =htonl(xxxxxx);
> {
> struct rtable *rt;
> struct flowi fl;
> memset(&fl, 0x0, sizeof(struct flowi));
> fl.fl4_dst  = htonl(xxxxxxx);
> fl.proto = IPPROTO_TCP;
> if (!ip_route_output_key(&init_net, &rt, &fl))
> {
> iph->saddr= htonl(ntohl(rt->rt_src));
>
> skb_dst_set(skb2, &rt->u.dst);
>
> }
>
> }
>
>
> On Mon, Apr 2, 2012 at 2:12 PM, Kesava Srinivas <vunnavafuture@xxxxxxxxx>
> wrote:
>>
>> HI Friends,
>> Looking for a Confirmation on my analysis.
>>
>> Once after Capturing the Socket Buffer in PRE_ROUTING Hook; Manipulated
>> the Socket Buffer by using the "skb_pull" Kernel Function. Using skb_pull;
>> stripped 28 bytes (IP+UDP) which are the Part of outer UDP/IP Header. Now;
>> My intention was to route the skb based on the Inner IP Header which is
>> sitting after stripping 28 bytes. At the END; returned NF_ACCEPT.
>>
>> Even though; skb_pull worked Fine., Kernel's Stack is still looking in to
>> Outer Header only for Routing the Packet.I expected ;Kernel will look the
>> Inner Header (As data Pointer was incremented by 28 bytes via skb_pull) and
>> Take decision based on the Inner one. But; that didn't  happened. It looks
>> to me like; we need to always use NF_STOLEN & should write our own code to
>> route based on the INNER HEADER. Was my conclusion correct ??
>>
>> -Thanks in Advance,
>> VKS
>>
>>
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies@xxxxxxxxxxxxxxxxx
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@xxxxxxxxxxxxxxxxx
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>



-- 
Regards,
Sri.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies



[Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Networking]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

Add to Google Powered by Linux