[LARTC] rp_filter and fib_validate_source sequence in KPTD
Julian Anastasov
ja@ssi.bg
Wed, 11 Aug 2004 10:14:05 +0300 (EEST)
Hello,
On Mon, 9 Aug 2004, Martin A. Brown wrote:
> Does it happen before NF_IP_PRE_ROUTING (PREROUTING) or not?
After.
> Does it only happen at route selection time?
Yes, input route only.
> If I understand the path correctly, the functions are traversed in this
> order (from most deeply nested first):
>
> fib_validate_source()
> ip_route_input_slow()
> ip_route_input()
>
> ip_rcv_finish()
> ip_rcv()
The above is correct.
> It seems that ip_rcv() (in ip_input.c) calls the following, and I simply
> do not understand what this means:
>
> return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
> ip_rcv_finish);
>
> I'm guessing that NF_IP_PRE_ROUTING (the PREROUTING hooks) are called
> before ip_rcv_finish is called, which means that the rp_filter action
> doesn't occur until after the PREROUTING hooks.
Yes, routing happens after DNAT (prerouting), so rp_filter
works with translated addresses.
> Is this accurate? Can anybody shed some light? Is my interpretation
> accurate?
Yes.
> Thank you very much,
>
> -Martin
>
> [0] http://www.ussg.iu.edu/hypermail/linux/kernel/0002.1/1522.html
> [1] http://open-source.arkoon.net/kernel/kernel_net.png
Regards
--
Julian Anastasov <ja@ssi.bg>
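
The ordering confirmed in this thread, as an added user-space model (not kernel code and not part of the original message): the PREROUTING hook runs first, the okfn passed to NF_HOOK runs only on an accept verdict, and the source check therefore sees the destination after DNAT. Every model_* name, the toy FIB, the DNAT rule and the addresses are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space model only; every model_* name is hypothetical, not a kernel symbol. */
struct model_pkt { uint32_t saddr, daddr; int in_if; };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
char model_trace[8];          /* order in which the stages ran */
uint32_t model_seen_daddr;    /* destination visible to the source check */
static int tpos;

/* Stage P: PREROUTING hook with one constructed DNAT rule. */
static int model_prerouting(struct model_pkt *p) {
    model_trace[tpos++] = 'P';
    if (p->daddr == IP(192, 0, 2, 1)) p->daddr = IP(10, 0, 0, 9);
    return 1;                 /* verdict: accept */
}

/* Toy FIB: 10.0.0.0/8 is reached via interface 1, everything else via 0. */
static int model_fib_oif(uint32_t dst) { return (dst >> 24) == 10 ? 1 : 0; }
/* Stage V: reverse-path check, standing in for fib_validate_source(). */
static int model_validate_source(const struct model_pkt *p) {
    model_trace[tpos++] = 'V';
    model_seen_daddr = p->daddr;
    return model_fib_oif(p->saddr) == p->in_if;
}

/* Stage R: stands in for ip_rcv_finish() -> ip_route_input() -> ip_route_input_slow(). */
static int model_rcv_finish(struct model_pkt *p) {
    model_trace[tpos++] = 'R';
    return model_validate_source(p) ? 0 : -1;
}

/* Shape of NF_HOOK(..., okfn): run the hook, call okfn only on accept. */
static int model_nf_hook(struct model_pkt *p, int (*okfn)(struct model_pkt *)) {
    return model_prerouting(p) ? okfn(p) : -1;
}

/* Stands in for ip_rcv(); returns 0 if routed, -1 if dropped. */
int model_rcv(uint32_t saddr, uint32_t daddr, int in_if) {
    struct model_pkt p = { saddr, daddr, in_if };
    tpos = 0; memset(model_trace, 0, sizeof model_trace);
    return model_nf_hook(&p, model_rcv_finish);
}

int main(void) {
    int r = model_rcv(IP(10, 0, 0, 5), IP(192, 0, 2, 1), 0); /* source on wrong interface */
    printf("result=%d order=%s\n", r, model_trace);
    return 0;
}
```

In the model, a packet whose source fails the reverse-path check is still seen by the PREROUTING stage before it is dropped, so rules and logging placed there observe traffic that rp_filter later discards.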