Difference between revisions of "GSOC2009Netfilter"

Revision as of 20:30, 27 July 2009

Hooks

Hooks are places in the IP stack where a packet is handed over to the netfilter framework. There are five such places.

NF_INET_PRE_ROUTING

When a packet is received by a node, this hook is the first one to receive the packet. As the name implies, an incoming packet is processed by this hook even before a routing decision determines whether or not the packet is destined for the current node.

In case of destination Network Address Translation, the destination IP address should be changed at this hook so that the routing decision can send the packet to the correct interface.

In the ns-3 IP stack, this hook is placed in Ipv4L3Protocol::Receive method.

NF_INET_LOCAL_IN

The incoming packets that have the destination IP address of the node receiving the packet traverse this hook. Typically, this happens after the routing decision determines that Ipv4L3Protocol::LocalDeliver callback should be invoked.

NF_INET_FORWARD

This is meant for packets that are destined for nodes other than the one currently receiving the packet. Packets will traverse this hook if the node receiving the packet is acting as a router. Currently, this hook has not been added to the ns-3 IP stack.

NF_INET_LOCAL_OUT

Packets that are created and sent out by a node traverse this hook. This is only meant for outgoing packets. This hook is placed before a routing decision has been made regarding an outgoing packet. ransla

NF_INET_POST_ROUTING

This is the last hook on the outgoing path. Outgoing packets traverse this hook after a routing decision has been made. Source Network Address Translation (SNAT) is performed at this hook.