Date: Tue, 14 Nov 2017 12:49:32 -0500
From: Jonathan Suever <suever@gatech.edu>
To: freebsd-ipfw@freebsd.org
Subject: Evaluating POSTROUTING hooks on packets after they leave dummynet
Message-ID: <CACuTf=dS8HmZrCfDZcLbZ6H=F-BwHkqvN_=nVLebQGRX67xUNw@mail.gmail.com>

I'm using dummynet/ipfw for Linux on Ubuntu 14.04. I am trying to set up a netfilter POSTROUTING hook that will be evaluated after packets pass through dummynet. The POSTROUTING hook is set to have a lower priority than dummynet, so I would imagine that it would be evaluated after dummynet reinjects the packet into netfilter.

I don't have any problems when I don't configure any dummynet rules (IPFW seems to be reinjecting the packet the way I'd expect). Once I add any delays, bandwidth constraints, or packet loss, then the packets never reach the POSTROUTING hook.

In digging into the dummynet source to figure out what's going on, I realized that dummynet is reinjecting the packets into netfilter with the NF_STOP flag <https://github.com/luigirizzo/dummynet/blob/e717cdd4bef764a4aa7babedc54220b35b04c777/kipfw/ipfw2_mod.c#L624>. As a result, it seems that the rest of the netfilter hooks registered with POSTROUTING are not being evaluated for this packet. If I change the flag to NF_ACCEPT, then the rest of the POSTROUTING hooks are evaluated as I expected.

What is the reason to use NF_STOP over NF_ACCEPT in this particular case? Is there any downside to replacing it with NF_ACCEPT for my use case, or is there a more elegant way?

For reference, NF_STOP *used* to be defined as NF_ACCEPT in older kernel versions <https://github.com/luigirizzo/dummynet/blob/e717cdd4bef764a4aa7babedc54220b35b04c777/kipfw/ipfw2_mod.c#L424>.

Any insight would be greatly appreciated!

Thanks,
Jonathan

_________________________________
Jonathan Suever, PhD
Magnetic Resonance Research Center
Department of Biomedical Engineering/Bioengineering,
Georgia Institute of Technology
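
The difference between the two verdicts discussed in the message, as an added user-space model that is not taken from the kernel, from dummynet, or from the original post: a hook that queues a packet and later hands it back with NF_STOP bypasses every later hook on the chain (a filtering or logging hook included), while NF_ACCEPT resumes traversal at the next hook. The hook functions, priorities and the `traverse`/`reinject` helpers are assumptions made for the illustration.

```c
/* Simplified user-space model of hook traversal; not kernel or dummynet code. */
#include <stdio.h>
#include <stddef.h>

/* Verdict numbers as in older linux/netfilter.h, where NF_STOP still exists. */
enum verdict { NF_DROP = 0, NF_ACCEPT = 1, NF_QUEUE = 3, NF_STOP = 5 };
enum fate { DROPPED, DELIVERED, QUEUED };
struct hook { int priority; enum verdict (*fn)(void); int calls; };

static enum verdict shaper_fn(void) { return NF_QUEUE; }  /* holds packet for a delay */
static enum verdict audit_fn(void)  { return NF_ACCEPT; } /* later hook that must see it */

/* Constructed POSTROUTING chain, sorted so the higher priority number runs later. */
static struct hook chain[] = { { 0, shaper_fn, 0 }, { 100, audit_fn, 0 } };
static const size_t nhooks = sizeof chain / sizeof chain[0];

/* Walk hooks from `start`; on NF_QUEUE remember which hook took the packet. */
static enum fate traverse(size_t start, size_t *queued_at) {
    for (size_t i = start; i < nhooks; i++) {
        chain[i].calls++;
        switch (chain[i].fn()) {
        case NF_ACCEPT: continue;                 /* go on to the next hook */
        case NF_STOP:   return DELIVERED;         /* accept, skip the rest */
        case NF_QUEUE:  *queued_at = i; return QUEUED;
        default:        return DROPPED;
        }
    }
    return DELIVERED;
}

/* Reinjection: the queuing hook hands the packet back with a verdict. */
static enum fate reinject(size_t queued_at, enum verdict v) {
    if (v == NF_STOP) return DELIVERED;           /* remaining hooks never run */
    if (v == NF_ACCEPT) return traverse(queued_at + 1, &queued_at);
    return DROPPED;
}

/* How many times the later hook ran for one packet reinjected with `v`. */
int audit_calls_after(enum verdict v) {
    size_t at = 0;
    chain[0].calls = chain[1].calls = 0;
    if (traverse(0, &at) == QUEUED) reinject(at, v);
    return chain[1].calls;
}

int main(void) {
    printf("reinject NF_STOP:   audit hook ran %d time(s)\n", audit_calls_after(NF_STOP));
    printf("reinject NF_ACCEPT: audit hook ran %d time(s)\n", audit_calls_after(NF_ACCEPT));
    return 0;
}
```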