Excerpt


3.1.  Netfilter Base

Now we have an example of netfilter for IPv4, you can see when each hook is activated. This is the essence of netfilter.

Kernel modules can register to listen at any of these hooks. A module that registers a function must specify the priority of the function within the hook; then when that netfilter hook is called from the core networking code, each module registered at that point is called in the order of priorities, and is free to manipulate the packet. The module can then tell netfilter to do one of five things:

  1. NF_ACCEPT: continue traversal as normal.

  2. NF_DROP: drop the packet; don't continue traversal.

  3. NF_STOLEN: I've taken over the packet; don't continue traversal.

  4. NF_QUEUE: queue the packet (usually for userspace handling).

  5. NF_REPEAT: call this hook again.

Comment

Note the difference between NF_STOLEN and NF_DROP.

Original

Click here to view the original text


asked 10 Jun '15, 19:20


路人甲
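The verdict handling in the excerpt, and the NF_DROP versus NF_STOLEN difference the comment points to, shown as an added example that is not part of the original post or of the netfilter source. It is a simplified userspace model, not kernel code: `struct pkt`, `traverse`, `run_case` and the hook functions are hypothetical names, and only the verdict constants carry their values from `<linux/netfilter.h>`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Verdict values as defined in <linux/netfilter.h>. */
enum { NF_DROP, NF_ACCEPT, NF_STOLEN, NF_QUEUE, NF_REPEAT };

struct pkt { int mark, repeats; };            /* stand-in for struct sk_buff */
typedef int (*hook_fn)(struct pkt *);
struct hook { int priority; hook_fn fn; };    /* lower value runs first */

static int core_frees;        /* packets freed by traverse() itself */
static struct pkt *stolen;    /* packet now owned by steal_hook() */
static struct pkt *last_pkt;  /* packet created by the latest run_case() */

static int accept_hook(struct pkt *p) { p->mark++; return NF_ACCEPT; }
static int drop_hook(struct pkt *p)   { (void)p; return NF_DROP; }
static int steal_hook(struct pkt *p)  { stolen = p; return NF_STOLEN; }
static int repeat_once(struct pkt *p) { return p->repeats++ ? NF_ACCEPT : NF_REPEAT; }

static int by_priority(const void *a, const void *b) {
    const struct hook *x = a, *y = b;
    return (x->priority > y->priority) - (x->priority < y->priority);
}

/* Walk one hook point: call hooks in priority order and act on each verdict. */
int traverse(struct hook *hooks, size_t n, struct pkt *p) {
    qsort(hooks, n, sizeof *hooks, by_priority);
    for (size_t i = 0; i < n; ) {
        int v = hooks[i].fn(p);
        if (v == NF_ACCEPT) { i++; continue; }   /* move to the next hook */
        if (v == NF_REPEAT) continue;            /* call the same hook again */
        if (v == NF_DROP) { free(p); core_frees++; } /* core frees the packet */
        return v;  /* NF_STOLEN / NF_QUEUE: traversal stops, core does not free */
    }
    return NF_ACCEPT;
}

/* Constructed case: `last` registered at 10, behind hooks at -5 and 0. */
int run_case(hook_fn last) {
    struct hook hooks[] = { {10, last}, {-5, accept_hook}, {0, repeat_once} };
    last_pkt = calloc(1, sizeof *last_pkt);
    return traverse(hooks, 3, last_pkt);
}

int main(void) {
    printf("accept=%d ", run_case(accept_hook)); free(last_pkt);
    printf("drop=%d ", run_case(drop_hook));
    printf("stolen=%d core_frees=%d\n", run_case(steal_hook), core_frees);
    free(stolen);             /* the hook that stole the packet must release it */
    return 0;
}
```

A hook that returns NF_STOLEN without keeping and later releasing the packet leaks it, and one that frees the packet and then returns NF_DROP causes a double free.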