Score:0

When does Netfilter perform filtering in the TCP/IP kernel network stack?


I have a question about where Netfilter is placed in the network stack in the Linux kernel.

I know that it is the network layer, then Netfilter, and then the TCP layer. In fact, after the packet is decapsulated in the IP layer in the kernel, it is parsed by Netfilter and then decapsulated in TCP. So I am wondering how it can filter packets based on port number, since that is in the TCP header.

Score:2

Netfilter does not route packets; routing takes place in a separate part of the network stack.

https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg shows the packet flow in the Netfilter subsystem.

Internally Netfilter operates on skb structures, which contain either L2 frames or L3 packets and associated metadata.

ng flag
Thanks for your reply. But I am wondering how packet filtering based on the port will happen? I mean, if we consider the path that a packet goes through in the network stack in the kernel to reach the application, where exactly is packet filtering happening? After the TCP layer? After the IP layer?
us flag
It happens at multiple locations on the packet processing path, as shown by the diagram. There is no simple answer like "after TCP" or "after IP". For example, the network stack doesn't do any TCP processing if the connection endpoint isn't the system itself.
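As an added illustration (not code from the original question or answers) of why a hook that runs at the IP layer can still match on TCP ports: the hook is handed the whole packet buffer, so the transport header is reachable at offset `ihl * 4` before the TCP layer has touched it. This is a user-space model with a constructed packet, not kernel code; the IPv4/TCP field layout is real, but the function names and the NF_ACCEPT/NF_DROP constants are my own stand-ins.

```c
/* Added example: a minimal "drop TCP to port X" decision made on a raw IPv4
 * packet buffer, the way an IP-layer Netfilter hook sees it. Constructed
 * packet, user-space only; no kernel APIs are used. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { NF_DROP = 0, NF_ACCEPT = 1 };   /* stand-ins for the kernel verdicts */

/* Read a big-endian 16-bit field from the packet buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Apply the rule to a raw IPv4 packet. Returns NF_ACCEPT / NF_DROP,
 * or -1 if the buffer is too short or malformed to parse safely. */
int filter_ipv4_tcp_dport(const uint8_t *pkt, size_t len, uint16_t blocked_dport)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;       /* need a full IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;            /* IP header length in bytes */
    if (ihl < 20 || len < ihl) return -1;
    uint16_t total_len = rd16(pkt + 2);
    if (total_len < ihl || total_len > len) return -1;   /* IP length must fit the buffer */
    if (pkt[9] != 6) return NF_ACCEPT;                   /* not TCP: the rule does not apply */
    if (total_len - ihl < 20) return -1;                 /* truncated TCP header */
    uint16_t dport = rd16(pkt + ihl + 2);                /* dst port follows the 2-byte src port */
    return dport == blocked_dport ? NF_DROP : NF_ACCEPT;
}

/* Build a constructed IPv4+TCP packet: no payload, checksums left zero. */
size_t build_packet(uint8_t *buf, uint16_t sport, uint16_t dport)
{
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[3] = 40;                 /* version 4, ihl 5, total length 40 */
    buf[8] = 64;   buf[9] = 6;                  /* TTL 64, protocol TCP */
    buf[20] = sport >> 8; buf[21] = sport & 0xff;
    buf[22] = dport >> 8; buf[23] = dport & 0xff;
    buf[32] = 0x50;                             /* TCP data offset 5 (20-byte header) */
    return 40;
}

/* Convenience: build a packet to dport and run the rule on it. */
int build_and_filter(uint16_t dport, uint16_t blocked_dport)
{
    uint8_t pkt[40];
    size_t n = build_packet(pkt, 40000, dport);
    return filter_ipv4_tcp_dport(pkt, n, blocked_dport);
}

int main(void)
{
    printf("TCP to port 23 with port 23 blocked -> %s\n",
           build_and_filter(23, 23) == NF_DROP ? "NF_DROP" : "NF_ACCEPT");
    return 0;
}
```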