I have a kernel application (firewall driver) which wants to be able to
tell if, for example, the packet I am looking at in the output chain is the
same one that came in on the input chain. With masquerading/
port-forwarding and other header-rewriting tricks which happen outside the
driver, this is quite hard to tell. Perhaps I am looking at a packet that
needs to be forwarded, perhaps I am looking at a packet which originated on
the firewall itself. A simple idea I had to determine this is to export a
counter for iterations of the packet-processing loop in the net_bh(). Upon
every entry, the counter is incremented. When I see a packet in the input
chain, I save the counter. When in the output chain, if the counter hasn't
incremented, I know this is the same packet. This assumes that only one
packet can be in flight at a time, which is true for 2.0 but may not be in
2.2 or later(?)
What are your thoughts? Is this a stupid idea or does it have merit? Is
there a better way to solve this problem?
thanks,
-bp
-- # bryan at terran dot org # http://www.terran.org/~bryan
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/