Hi, is there a full diagram of the whole path of the PACKET trought the linux-kernel i.e something like this : http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-6.html but including the all the stuff that got touched from "ip(route)", "iptables", "tc" and the desicion making for choosing the correct path .... If there is someone to explain it I will draw it if nececary :") raptor@unacs.bg _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Monday 22 July 2002 21:41, raptor@unacs.bg wrote:> Hi, > > is there a full diagram of the whole path of the PACKET trought the > linux-kernel i.e something like this : > http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet- >filtering-HOWTO.linuxdoc-6.html > > but including the all the stuff that got touched from "ip(route)", > "iptables", "tc" and the desicion making for choosing the correct path .... > If there is someone to explain it I will draw it if nececary :")I have a drawing that was posted once on this list. You can find it on www.docum.org under KPTD. Plz feel free to send me updates. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello! I have made one diagram for the IPv6 stack if that interests anybody, for download at: www.sics.se/~gabriel/funccalls.pdf The Netfilter hooks are marked out as well, on this diagram. Cheers! /gabriel On Mon, 22 Jul 2002 raptor@unacs.bg wrote:> > > > Hi, > > is there a full diagram of the whole path of the PACKET trought the linux-kernel i.e something like this : > http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-6.html > > but including the all the stuff that got touched from "ip(route)", "iptables", "tc" and the desicion making for choosing the correct path .... If there is someone to explain it I will draw it if nececary :") > > raptor@unacs.bg > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
| |I have a drawing that was posted once on this list. You can find it on |www.docum.org under KPTD. Plz feel free to send me updates. OK. I''ve made the diagram in Dia (attached). U can easly export it in any format (any linux distro have Dia, i think)... I made some changes may be they are wrong, pls correct me... I thought that all "mangle" and "nat" stuff should be "IPTABLES", and all "ipchains" suff should go away !! ? - What is "mark-rewrite" ?! - there is something which have to be added somewhere around "forwarding", can''t figure out what/where ?! Pls do it, or tell me i wil do it? - in my opinion (6a.3) output-routing should go at the place of (7) !!! ''m I right ? raptor@unacs.bg
On Tuesday 23 July 2002 20:27, raptor@unacs.bg wrote:> |I have a drawing that was posted once on this list. You can find it on > |www.docum.org under KPTD. Plz feel free to send me updates. > > OK. I''ve made the diagram in Dia (attached). U can easly export it in any > format (any linux distro have Dia, i think)... > > I made some changes may be they are wrong, pls correct me... I thought that > all "mangle" and "nat" stuff should be "IPTABLES", and all "ipchains" suff > should go away !! ?Ipchains is still available in the 2.4 kernel.> - What is "mark-rewrite" ?!Don''t know.> - there is something which have to be added somewhere around "forwarding", > can''t figure out what/where ?! Pls do it, or tell me i wil do it? - in my > opinion (6a.3) output-routing should go at the place of (7) !!! ''m I right > ?Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
|> I made some changes may be they are wrong, pls correct me... I thought that |> all "mangle" and "nat" stuff should be "IPTABLES", and all "ipchains" suff |> should go away !! ? |Ipchains is still available in the 2.4 kernel. ]- Yes but it is just module that runs on top of iptables, afaik ? i.e. it uses iptables infrastructure raptor@unacs.bg _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Tuesday 23 July 2002 21:29, raptor@unacs.bg wrote:> |> I made some changes may be they are wrong, pls correct me... I thought > |> that all "mangle" and "nat" stuff should be "IPTABLES", and all > |> "ipchains" suff should go away !! ? > | > |Ipchains is still available in the 2.4 kernel. > > ]- Yes but it is just module that runs on top of iptables, afaik ? i.e. it > uses iptables infrastructureMhh. I''m not a kernel specialist, but I thought there was still some ipchains code in the 2.4 kernel. Staf -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi. You wrote: > OK. I''ve made the diagram in Dia (attached). U can easly export it in any format > (any linux distro have Dia, i think)... Could you post your diagram in ascii? > I made some changes may be they are wrong, pls correct me... I thought that all > "mangle" and "nat" stuff should be "IPTABLES", and all "ipchains" suff should go > away !! ? As I understand there is some ipchains original code running on iptables; but not iptables code to emulate ipchains behavior, just ipchains filter code. Have a look to LARTC digest, Vol 1 #641, #642, #651, #652 and #655. > - What is "mark-rewrite" ?! It would be better "mark-write". It''s mark packet writing in mangle table (fwmark). This mark survive just inside host or router that makes the mark (the packet is not really marked when it leaves the router). > - there is something which have to be added somewhere around "forwarding", can''t > figure out what/where ?! Pls do it, or tell me i wil do it? > - in my opinion (6a.3) output-routing should go at the place of (7) !!! > ''m I right ? I haven''t your diagram. BTW, diagram misses some hooks (must be added): conntrack PREROUTING just before mangle PREROUTING. conntrack INPUT after filter INPUT but before LOCAL PROCESS. mangle INPUT after conntrack INPUT also before LOCAL PROCESS. mangle FORWARD before filter FORWARD. conntrack OUTPUT before mangle OUTPUT but after OUTPUT ROUTING. mangle POSTROUTING before nat POSTROUTING. conntrack POSTROUTING after nat POSTROUTING but before QOS EGRESS. when discussion matures I will post this changes to Stef. Best regards, Leonardo Balliache _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Dia has no ASCII export so I''m posting compressed .png |Hi. | |You wrote: | | > OK. I''ve made the diagram in Dia (attached). U can easly export it in |any format > (any linux distro have Dia, i think)... | |Could you post your diagram in ascii? |