netdev

Re: Debug kernel network hook chain or why has Check Point Firewall modu

To: Andi Kleen <ak@xxxxxxx>
Subject: Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6
From: "Peter Bieringer" <pb@xxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 08:53:45 GMT
Cc: Peter Bieringer <pb@xxxxxxxxxxxx>, Maillist netdev <netdev@xxxxxxxxxxx>
In-reply-to: <20020422092252.A17861@wotan.suse.de>
References: <22830000.1019458033@localhost> <20020422092252.A17861@wotan.suse.de>
Sender: owner-netdev@xxxxxxxxxxx

Hi Andi,

Thanks for the fast answer; I need only a short explanation now:

Andi Kleen writes:

> On Mon, Apr 22, 2002 at 08:47:13AM +0200, Peter Bieringer wrote:
> > Looks like CP never sees (or recognizes) packets leaving the
> > firewalled host from a dual-stack application.
> 
> Linux has no "generic" firewall hooks, only protocol specific ones.  
> Checkpoint is probably using the v4 specific ones only.
> Other protocols can be received (by registering a protocol to ETH_P_ALL via
> SOCK_PACKET or in the kernel), but not stolen from protocol handlers. 

Is such an IPv4 hook not seeing packets leaving a dual-stack application like
openssh? Is there any scheme (the way such a packet takes) available for
visualisation?

TIA,
 Peter
