
Mailing List Archive: iptables: Devel

netfilter hook does not see some packets ...

 

 



iler.ml at gmail

Aug 23, 2007, 5:23 AM

Post #1 of 2 (704 views)
netfilter hook does not see some packets ...

I have a situation where my kernel module that registers the
nf hooks does not see some packets. Those packets seem to be
those that are REDIRECTed by the following iptables rule:

*nat
:WEBFILTER-NAT - [0:0]
-A PREROUTING -j WEBFILTER-NAT
-A WEBFILTER-NAT -s 192.168.69.0/255.255.255.0 -p tcp -m tcp --dport 80 -j WF-8080
-A WF-8080 -p tcp -j REDIRECT --to-ports 8080
*filter
-A FORWARD -s 192.168.69.0/255.255.255.0 -j QUEUE

I hook 4 hooking points in my module (forward, local-in, local-out,
pre-routing).
My hooking priority is NF_IP_PRI_FIRST.

What is the reason that packets are not seen by my module? How do I fix this?

Thanks
Yakov


jengelh at computergmbh

Aug 23, 2007, 5:34 AM

Post #2 of 2 (644 views)
Re: netfilter hook does not see some packets ...

On Aug 23 2007 15:23, Yakov Lerner wrote:
>
>I have a situation where my kernel module that registers the
>nf hooks does not see some packets. Those packets seem to be
>those that are REDIRECTed by the following iptables rule:
>
>*nat
>:WEBFILTER-NAT - [0:0]
>-A PREROUTING -j WEBFILTER-NAT
>-A WEBFILTER-NAT -s 192.168.69.0/255.255.255.0 -p tcp -m tcp --dport 80 -j WF-8080
>-A WF-8080 -p tcp -j REDIRECT --to-ports 8080
>*filter
>-A FORWARD -s 192.168.69.0/255.255.255.0 -j QUEUE
>
>I hook 4 hooking points in my module (forward, local-in, local-out,
>pre-routing).
>My hooking priority is NF_IP_PRI_FIRST.

If you hook in with NF_IP_PRI_FIRST, you see the original packet, before it got
NATed.


Jan
--
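
The ordering described in the reply above, as an added example that is not part of the thread: a userspace C model (not kernel code) of PREROUTING hook traversal, using the priority values defined in linux/netfilter_ipv4.h. The names `nat_redirect`, `observer` and `dport_seen_at` and the sample packet are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Priority values as defined in linux/netfilter_ipv4.h. */
#define NF_IP_PRI_FIRST   INT_MIN
#define NF_IP_PRI_NAT_DST (-100)

struct pkt { unsigned short dport; };
struct hook {
    int priority;
    void (*fn)(struct pkt *p, unsigned short *seen);
};

/* Stand-in for the nat PREROUTING rule: REDIRECT tcp/80 to port 8080. */
static void nat_redirect(struct pkt *p, unsigned short *seen) {
    (void)seen;
    if (p->dport == 80) p->dport = 8080;
}

/* Stand-in for the module's hook: record the destination port it observes. */
static void observer(struct pkt *p, unsigned short *seen) { *seen = p->dport; }

static int by_priority(const void *a, const void *b) {
    int pa = ((const struct hook *)a)->priority;
    int pb = ((const struct hook *)b)->priority;
    return (pa > pb) - (pa < pb);   /* comparison form avoids overflow at INT_MIN */
}

/* Run a constructed packet (dport 80) through PREROUTING with the observer
 * registered at observer_prio; return the dport the observer saw. */
unsigned short dport_seen_at(int observer_prio) {
    struct hook chain[2] = {
        { NF_IP_PRI_NAT_DST, nat_redirect },
        { observer_prio,     observer     },
    };
    struct pkt p = { 80 };
    unsigned short seen = 0;
    qsort(chain, 2, sizeof chain[0], by_priority);  /* lowest value runs first */
    for (int i = 0; i < 2; i++)
        chain[i].fn(&p, &seen);
    return seen;
}

int main(void) {
    printf("NF_IP_PRI_FIRST:       dport %u\n", (unsigned)dport_seen_at(NF_IP_PRI_FIRST));
    printf("NF_IP_PRI_NAT_DST + 1: dport %u\n", (unsigned)dport_seen_at(NF_IP_PRI_NAT_DST + 1));
    return 0;
}
```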
