All of lore.kernel.org
 help / color / mirror / Atom feed
* Netfilter kernel module hook at PREROUTING forward packet use ip_forward(sk_buff)
@ 2010-11-18 10:48 Dong-Yuan Shih
  2010-11-18 11:50 ` Jan Engelhardt
  0 siblings, 1 reply; 2+ messages in thread
From: Dong-Yuan Shih @ 2010-11-18 10:48 UTC (permalink / raw)
  To: netfilter-devel

hi all

a netfilter kernel module hoot at PREROUTING
and forward packet
---------------------------
......

decide outgoing path

......
ip_forward(sk_buff)
return NF_STOLEN
--------------------------

iptables -t mangle -A FORWARD -s 192.168.1.0 -j MARK --set-mark 0xa

traffic never match rule in FORWARD chain
any function can make traffic through FORWARD chain

thanks for any advice

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Netfilter kernel module hook at PREROUTING forward packet use ip_forward(sk_buff)
  2010-11-18 10:48 Netfilter kernel module hook at PREROUTING forward packet use ip_forward(sk_buff) Dong-Yuan Shih
@ 2010-11-18 11:50 ` Jan Engelhardt
  0 siblings, 0 replies; 2+ messages in thread
From: Jan Engelhardt @ 2010-11-18 11:50 UTC (permalink / raw)
  To: Dong-Yuan Shih; +Cc: netfilter-devel

On Thursday 2010-11-18 11:48, Dong-Yuan Shih wrote:

>hi all
>
>a netfilter kernel module hoot at PREROUTING
>and forward packet
>---------------------------
>......
>
>decide outgoing path
>
>......
>ip_forward(sk_buff)
>return NF_STOLEN
>--------------------------
>
>iptables -t mangle -A FORWARD -s 192.168.1.0 -j MARK --set-mark 0xa
>
>traffic never match rule in FORWARD chain
>any function can make traffic through FORWARD chain
>
>thanks for any advice


42.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-11-18 11:50 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-11-18 10:48 Netfilter kernel module hook at PREROUTING forward packet use ip_forward(sk_buff) Dong-Yuan Shih
2010-11-18 11:50 ` Jan Engelhardt

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.