[LARTC] Kernel Packet Traveling Diagram

Andy Furniss lists at andyfurniss.entadsl.com
Wed Jul 4 02:51:54 CEST 2007


Edouard Thuleau wrote:
> Hi,
> 
> I found this diagram, which details the kernel packet traveling:
> http://www.docum.org/docum.org/kptd/
> Is it up to date?
> I made some tests: I put a DNAT rule in the PREROUTING table of an
> interface and attached an ingress policy to it; the dst IP wasn't changed. The
> DNAT isn't made yet.

The default policer changed in 2.6 to hook before netfilter.

The kptd is correct for 2.4s. It's still possible to use the old policer 
on 2.6 as well - IIRC you have to say N to packet action in your kernel 
config and it should then give you the choice to enable the old policer.

IFB also hooks before netfilter - you can get IMQ to hook after 
PREROUTING NAT.

> 
> I have another question (I'm not sure if this is the right mailing list): for
> fragmented packets, I see the ingress policy doesn't work correctly, and I'd
> like to know where in the packet's travel through the kernel the fragments are
> reassembled. At the NAT or in the routing?

Not really sure about this.

Andy.
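
An added example, not part of the original thread: on a 2.6 kernel with the default policer, which per the reply above hooks before netfilter, an ingress filter has to match the destination as it arrives on the wire, not the DNAT target. The interface name, addresses and rate are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; every value here is an assumed, illustrative one.
WAN_IF=eth0
PUBLIC_IP=203.0.113.10      # destination as received, before DNAT
INTERNAL_IP=192.168.1.10    # destination after PREROUTING DNAT
RATE=1mbit

# DNAT in PREROUTING. With the 2.6 default policer this rewrite happens
# after the ingress qdisc has already classified the packet.
setup_dnat() {
    iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" \
        -j DNAT --to-destination "$INTERNAL_IP"
}

# Ingress policer keyed on the pre-DNAT address. A filter written against
# $INTERNAL_IP would never match here, so the traffic would pass unpoliced.
setup_ingress_policer() {
    tc qdisc add dev "$WAN_IF" handle ffff: ingress &&
    tc filter add dev "$WAN_IF" parent ffff: protocol ip prio 1 u32 \
        match ip dst "$PUBLIC_IP/32" \
        police rate "$RATE" burst 10k drop flowid :1
}

# Per-filter counters: confirm the policer is matching packets at all.
show_ingress_stats() {
    tc -s filter show dev "$WAN_IF" parent ffff:
}

# Apply only when asked to, as root: sh this-script apply
if [ "${1:-}" = "apply" ]; then
    setup_dnat && setup_ingress_policer && show_ingress_stats
fi
```

If the counters from `show_ingress_stats` stay at zero while traffic is flowing, the filter is matching on an address the packet does not carry at that hook.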

