Linux 2.6.14 Netfilter Framework Analysis By hooks
Keywords: Linux Netfilter
1. functions hooked on NF_IP_PRE_ROUTING
| Module | Priority | Value | Function |
|---|---|---|---|
| conntrack | NF_IP_PRI_CONNTRACK_DEFRAG | -400 | ip_conntrack_defrag |
| raw | NF_IP_PRI_RAW | -300 | ipt_hook |
| conntrack | NF_IP_PRI_CONNTRACK | -200 | ip_conntrack_in |
| mangle | NF_IP_PRI_MANGLE | -150 | ipt_route_hook |
| nat | NF_IP_PRI_NAT_DST | -100 | ip_nat_in |

2. functions hooked on NF_IP_POST_ROUTING
| Module | Priority | Value | Function |
|---|---|---|---|
| mangle | NF_IP_PRI_MANGLE | -150 | ipt_route_hook |
| nat | NF_IP_PRI_NAT_SRC | 100 | ip_nat_out |
| conntrack | NF_IP_PRI_CONNTRACK_HELPER | INT_MAX-2 | ip_conntrack_help |
| nat | NF_IP_PRI_NAT_SEQ_ADJUST | INT_MAX-1 | ip_nat_adjust |
| conntrack | NF_IP_PRI_CONNTRACK_CONFIRM | INT_MAX | ip_refrag |

3. functions hooked on NF_IP_LOCAL_IN
| Module | Priority | Value | Function |
|---|---|---|---|
| mangle | NF_IP_PRI_MANGLE | -150 | ipt_route_hook |
| filter | NF_IP_PRI_FILTER | 0 | ipt_hook |
| nat | NF_IP_PRI_NAT_SRC | 100 | ip_nat_fn |
| nat | NF_IP_PRI_NAT_SEQ_ADJUST | INT_MAX-1 | ip_nat_adjust |
| conntrack | NF_IP_PRI_CONNTRACK_HELPER | INT_MAX-2 | ip_conntrack_help |
| conntrack | NF_IP_PRI_CONNTRACK_CONFIRM | INT_MAX | ip_confirm |

4. functions hooked on NF_IP_LOCAL_OUT
| Module | Priority | Value | Function |
|---|---|---|---|
| conntrack | NF_IP_PRI_CONNTRACK_DEFRAG | -400 | ip_conntrack_defrag |
| raw | NF_IP_PRI_RAW | -300 | ipt_hook |
| conntrack | NF_IP_PRI_CONNTRACK | -200 | ip_conntrack_local |
| mangle | NF_IP_PRI_MANGLE | -150 | ipt_local_hook |
| nat | NF_IP_PRI_NAT_DST | -100 | ip_nat_local_fn |
| filter | NF_IP_PRI_FILTER | 0 | ipt_local_out_hook |

5. functions hooked on NF_IP_FORWARD
| Module | Priority | Value | Function |
|---|---|---|---|
| mangle | NF_IP_PRI_MANGLE | -150 | ipt_route_hook |
| filter | NF_IP_PRI_FILTER | 0 | ipt_hook |