Linux Magazine: GearHeads Only: Writing a Module for netfilter
Sep 17, 2000, 13:10 (0 Talkback[s])
(Other stories by Paul "Rusty" Russell)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"With Linux 2.4 right around the corner, now would be a very
good time to discuss the new packet observation and filtering
mechanism that were introduced during the 2.3 kernel development,
which is called netfilter...."
"netfilter is a framework inside the kernel that allows a module
to observe and modify packets as they pass through the IP stack.
Well, since I wrote that article in January, netfilter hooks have
been added to the IPv6 (the next-generation of IP) and DECnet (a
more obscure protocol) layers that are similar to those described
here for IPv4."
"Inside the kernel you will see calls such as the following
throughout the protocol code (this is from ip_local_
deliver() in net/ipv4/ip_input.c):
return NF_HOOK(PF_INET, NF_IP_LOCAL_IN,
skb, skb->dev, NULL,