View file

File name : netfilter-hacking-HOWTO-6.html

Content :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.82">
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <TITLE>Linux netfilter Hacking HOWTO: Netfilter Hooks for Tunnel Writers</TITLE>
 <LINK HREF="netfilter-hacking-HOWTO-7.html" REL=next>
 <LINK HREF="netfilter-hacking-HOWTO-5.html" REL=previous>
 <LINK HREF="netfilter-hacking-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="netfilter-hacking-HOWTO-7.html">Next</A>
<A HREF="netfilter-hacking-HOWTO-5.html">Previous</A>
<A HREF="netfilter-hacking-HOWTO.html#toc6">Contents</A>
<HR>
<H2><A NAME="s6">6.</A> <A HREF="netfilter-hacking-HOWTO.html#toc6">Netfilter Hooks for Tunnel Writers</A></H2>

<P>Authors of tunnel (or encapsulation) drivers should follow two
simple rules for the 2.4 kernel (as do the drivers inside the kernel,
like net/ipv4/ipip.c):</P>
<P>
<UL>
<LI>Release skb->nfct if you're going to make the packet unrecognisable
(ie. decapsulating/encapsulating).  You don't need to do this if you
unwrap it into a *new* skb, but if you're going to do it in place, you
must do this.

<P>Otherwise: the NAT code will use the old connection tracking
information to mangle the packet, with bad consequences.</P>

</LI>
<LI>Make sure the encapsulated packets go through the LOCAL_OUT
hook, and decapsulated packets go through the PRE_ROUTING hook (most
tunnels use ip_rcv(), which does this for you).

<P>Otherwise: the user will not be able to filter as they expect to with
tunnels.</P>
</LI>
</UL>
</P>

<P>The canonical way to do the first is to insert code like the
following before you wrap or unwrap the packet:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
        /* Tell the netfilter framework that this packet is not the
          same as the one before! */
#ifdef CONFIG_NETFILTER
        nf_conntrack_put(skb->nfct);
        skb->nfct = NULL;
#ifdef CONFIG_NETFILTER_DEBUG
        skb->nf_debug = 0;
#endif
#endif
</PRE>
</CODE></BLOCKQUOTE>
</P>

<P>Usually, all you need to do for the second, is to find where the
newly encapsulated packet goes into "ip_send()", and replace it with
something like:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
        /* Send "new" packet from local host */
        NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, ip_send);
</PRE>
</CODE></BLOCKQUOTE>
</P>

<P> Following these rules means that the person setting up the packet
filtering rules on the tunnel box will see something like the
following sequence for a packet being tunnelled:</P>
<P>
<OL>
<LI> FORWARD hook: normal packet (from eth0 -> tunl0)</LI>
<LI> LOCAL_OUT hook: encapsulated packet (to eth1).</LI>
</OL>
</P>
<P>And for the reply packet:
<OL>
<LI> LOCAL_IN hook: encapsulated reply packet (from eth1)</LI>
<LI> FORWARD hook: reply packet (from eth1 -> eth0).</LI>
</OL>
</P>

<HR>
<A HREF="netfilter-hacking-HOWTO-7.html">Next</A>
<A HREF="netfilter-hacking-HOWTO-5.html">Previous</A>
<A HREF="netfilter-hacking-HOWTO.html#toc6">Contents</A>
</BODY>
</HTML>

DATA DRIVEN ECOMMERCE

Ready to improve your ecommerce business’ performance?

Get better lead generation, engagement and enhanced ROI with a more customer centered approach.

See our services

Take this quiz

Services

Our Services

Let us help boost your internet exposure, turn more visitors into clients, save your time and increase your revenue. We’ve got a range of products and services to help you reach your goal.

For more information, click the one which suits your needs.

Build Optimise Serve Systemise
Build

Build your ecommerce website

“A website is a window through which your business says hello to the world.”

Learn more

Optimise

Optimise your website and other online platforms

“Google only loves you when everyone else loves you first.” ~ Wendy Piersall

Learn more

Serve

Serve and engage your audience

Provide them with the best services and make them loyal fans of your products.

Learn more

Systemise

Apply a systemised approach

Systemise and set up your actionable metrics by creating a Growth Scorecard.

Learn more

Build your ecommerce website

“A website is a window through which your business says hello to the world.”

Learn more

Optimise your website and other online platforms

“Google only loves you when everyone else loves you first.” ~ Wendy Piersall

Learn more

Serve and engage your audience

Provide them with the best services and make them loyal fans of your products.

Learn more

Apply a systemised approach

Systemise and set up your actionable metrics by creating a Growth Scorecard.

Learn more

metaverse marketing

Strategy

Boost your online sales

Providing an immersive experience

As Web3 is gradually gaining a foothold on the web, we’ve also structured our marketing solutions and strategies with you in mind. You tell us what you want to achieve and we will run an analysis of your ecommerce business in order to give you pointers on what to improve on, in order to boost your sales.

Not only that, we also offer done for you services, geared towards relieving you of the burden of having to figure things out by yourself.

Learn More

Latest Posts

Testimonials

What People Are Saying

Eva and I met at personal development course and renmained in contact. Over the years, I was fascinated by the care, compassion and energy she put into everything she does. She’s always there for you supporting and giving ideas to help you to carry on in whatever you are engage with.
Even though is she quite technical, she is nurturing and doen’t zoom straight into the technology part of it until necessary. She helped me to clearly identify my customer’s avatar and product pathways. Her step-by-step advice was invaluable as we embarked on the technical implementation itself.

Johanna Tresierra
Educator, Spanish Mentor and Entrepreneur, SpanishwithJo Ltd
I was referred to Eva by a friend. After our discussion, I took the opportunity to work with her to grow my business online and increase my revenue especially since I did not consider myself to be very technical and wanted a very personalised service.
Previously, I mainly showcased my products at in person events and definitely had to pivot my business online due to lockdown-Covid-19. Since working with Eva, I have launched some of my products on Amazon and we are now working on a Q4 promotion plan to add a subscription model to my business. Eva offers a personalised service including a hand holding teaching/mentoring approach which I vitally need at this stage in my business.

Jacalyn Belgrave
Owner, Ndulge Skincare Products Ltd

Like what you’ve seen so far?

Let’s Talk!

Click here

Gel4y Mini Shell

View file

Ready to improve your ecommerce business’ performance?

Services

Our Services

Strategy

Boost your online sales

Providing an immersive experience

Latest Posts

Testimonials

What People Are Saying

Like what you’ve seen so far?

Let’s Talk!