I have two hooks in the netfilter framework.
One at NF_IP_PRE_ROUTING for incoming packets and other at NF_IP_LOCAL_OUT for outgoing packets.
Outgoing packets:
Now, all IPv4 Packets sent out from particular IP address, is encapsulated in another IPv4-UDP Packet.
I use pskb_expand_head API to have more headroom for encapsulation. And, then with ip_route_output_key to find the appropriate rtable. Using rtable, I reassign skb->dst and skb->dev. And, then I just go ahead and accept the packet using NF_ACCEPT.
skb_dst_drop(skb);
skb_dst_set(skb, &rt->dst);
skb->dev = skb_dst(skb)->dev;
Incoming packets:
Now, all Encapsulated Packets are received and are identified based on port number.
And, the encapsulation (IP+UDP+XYZ HEADER) is pulled out. And similar to outgoing packet
I use ip_route_output_key to get the rt(rtable).
Using rtable reassign skb->dst and skb->dev. And then i accept the packet with NF_ACCEPT
So, it happens that i also receive the defrags incoming packets, i am in bit of confusion how are they supposed to be dealt with.
I would want defrag packets to be queued and later receive the entire packet. Any ideas on that. I have been going through the functions available
ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER);
But this seems like to be used for assembling packets in NF_IP_LOCAL_IN stage, but the i want the assembled packet in NF_IP_PRE_ROUING stage.
Any help on this will be appreciated.
