Re: What dose 'general protection fault: 0000' mean?

From: Gilad Ben-Yossef (gilad@benyossef.com)
Date: Tue Jun 11 2002 - 09:40:09 EST


On Tue, 2002-06-11 at 10:46, Wang Hui wrote:

> As you mentioned in your mail, you suggested me to make a Netfilter module
> to realize what I want. In fact, it is really a good choice. But as to
> my case, I have to modify the outgoing IP packet header. And after the
> modification, the outgoing IP packet's header will become a none-IP
> header( as defined in RFC 3095). So I dont know if this kind of
> modified packet could still traverse the netfilter chains? Will the
> kernel drop this 'strange header' packet (for the kernel cannot
> understand this kind of none-IP header)? Or say, where should I put my
> modification module in the netfilter chain as to avoid this dropping??

I understand completly the problem of not being able to *continue*
traversing the netfilter path because of the sk_buff no longer
containing a valid IP packet.

My suggestion is to use the netfilter (or even better iptables) system
to 'harvest' the packets, modify them and then do whatever needs to be
done to transmit them.

AFAIK RFC3095 has several modes of operations and only with some of them
the end result is a non IP packet where in the others the it is an
encapsulating IP packet. When you harvest the packet using
netfilter/iptables you can re-inject those packets to the stack if it is
apropriate (the end result in an IP packet) or directly to the transmit
queue of the device (when it isn't).

Aoother advantage of my suggestion is that you don't need to *alter* the
dev struct, so you don't need to worry about the race and other
conditions that are involved with such a thing.

It'll also enable you do neat tricks like use RFC3095 only for a
specific stream while leaving all the rest intact. Whether this actually
makes sense or not I don't know.

> To clearify my problem, I would like to draw a small picture here:
> [kernel ipv6 packet output] --> [My Module: modify the IP header to be a
> nono-IP header] --> [ put it to the device output queue to sent out]

To clarify my suggestion, I'm thinking of:

[ IP stack ] -> [Netfilter/iptables hook ] -> [Your module] if IP packet
-> [ IP stack] else -> [ device xmit queue ]

Gilad.

-- 
Gilad Ben-Yossef <gilad@benyossef.com>
Code mangler, senior coffee drinker and VP SIGSEGV
Qlusters ltd.

"A billion flies _can_ be wrong - I'd rather eat lamb chops than shit." -- Linus Torvalds on lkml

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Jun 15 2002 - 22:00:22 EST