On Wed, 7 Mar 2007 10:53:12 +0100
Simone84bo <[EMAIL PROTECTED]> wrote:
> Hi all,
> Can someone say me the theoretic way of packet in the kernel.
Perhaps this diagram can help you:
http://l7-filter.sourceforge.net/PacketFlow.png
I'll attach another one in asciiart I picked from somewhere (maybe
this list itself).
> When the packet will be send to a IMQ device?
> When the packet arrives to post routing time?
> When operation of NAT occur? befor or later that the packet will send
> to net device?
When loading imq module, my kernel says:
IMQ starting with 2 devices...
IMQ driver loaded successfully.
Hooking IMQ before NAT on PREROUTING.
Hooking IMQ after NAT on POSTROUTING.
This is the default option, but you can choose from all 4 options at
compile time:
CONFIG_IMQ=m
# CONFIG_IMQ_BEHAVIOR_AA is not set
# CONFIG_IMQ_BEHAVIOR_AB is not set
CONFIG_IMQ_BEHAVIOR_BA=y
# CONFIG_IMQ_BEHAVIOR_BB is not set
Kernel Packet Traveling Diagram
Network
-----------+-----------
|
+--------------------------+
+-------+-------+ +---------+---------+
| IPCHAINS | | IPTABLES |
| INPUT | | PREROUTING |
+-------+-------+ | +-------+-------+ |
| | | conntrack | |
| | +-------+-------+ |
| | | mangle | | <- MARK WRITE
| | +-------+-------+ |
| | | IMQ | |
| | +-------+-------+ |
| | | nat | | <- DEST REWRITE
| | +-------+-------+ | DNAT or REDIRECT
or DE-MASQUERADE
| +---------+---------+
+------------+-------------+
|
+-------+-------+
| QOS |
| INGRESS |
+-------+-------+
|
packet is for +-------+-------+ packet is for
this machine | INPUT | another address
+--------------+ ROUTING +--------------+
| | + PDBB | |
| +---------------+ |
+-------+-------+ |
| IPTABLES | |
| INPUT | |
| +-----+-----+ | |
| | mangle | | |
| +-----+-----+ | |
| | filter | | |
| +-----+-----+ | |
+-------+-------+ |
| +---------------------------+
+-------+-------+ | |
| Local | +-------+-------+ +-------+-------+
| Process | | IPCHAINS | | IPTABLES |
+-------+-------+ | FORWARD | | FORWARD |
| +-------+-------+ | +-----+-----+ |
+-------+-------+ | | | mangle | |
<- MARK WRITE
| OUTPUT | | | +-----+-----+ |
| ROUTING | | | | filter | |
+-------+-------+ | | +-----+-----+ |
| | +-------+-------+
+-------+-------+ | |
| IPTABLES | +---------------------------+
| OUTPUT | |
| +-----------+ | |
| | conntrack | | |
| +-----+-----+ | |
| | mangle | | <- MARK WRITE |
| +-----+-----+ | |
| | nat | | <-DEST REWRITE |
| +-----+-----+ | DNAT or REDIRECT |
| | filter | | |
| +-----+-----+ | |
+-------+-------+ |
| |
+----------------------+----------------------+
|
+------------+------------+
| |
+-------+-------+ +---------+---------+
| IPCHAINS | | IPTABLES |
| OUTPUT | | POSTROUTING |
+-------+------- | +-------+-------+ |
| | | mangle | | <- MARK WRITE
| | +-------+-------+ |
| | | nat | | <- SOURCE REWRITE
| | +-------+-------+ | SNAT or MASQUERADE
| | | IMQ | |
| | +-------+-------+ |
| +---------+---------+
+------------+------------+
|
+------+------+
| QOS |
| EGRESS |
+------+------+
|
-----------+-----------
Network
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
