When Netfilter performes filtering in TCP/IP kernel network stack?

sarah sh

10/22/22, 1:15 PM

I have a question about where the Netfilter is placed in the network stack in the Linux kernel.

I know that it is Network layer, netfilter and then TCP layer. In fact, after decapsulating the packet in IP layer in the kernel, it will be parsed by Netfilter and then it will be decapsulated in TCP. So I am wondering how it can filter the packets based on port number as it is in TCP header.

1 + 0

linux

iptables

tcp

linux-networking

Score:2

Server

Tero Kilkanen

10/22/22, 1:34 PM

Netfilter does not route packets, routing takes place in separate part of the network stack.

https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg shows the packet flow in the Netfilter subsystem.

Internally Netfilter operates on skb structures, which contain either L2 frames or L3 packets and associated metadata.

0 + 2

sarah sh

10/22/22, 1:49 PM

Thanks for your reply. But I am wondering how packet filtering based on the port will happen? I mean, if we consider the path that a packet goes through network stack in the kernel to reach to the application, where exactly packet filtering is happening? after tcp layer? after IP layer?

Tero Kilkanen

10/23/22, 3:24 PM

It happens on multiple locations on the packet processing path as shown by the diagram. There is no simple answer like "after TCP" or "after IP". For example, the network stack doesn't do any TCP processing if connection endpoint isn't the system itself.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: When Netfilter performes filtering in TCP/IP kernel network stack?

TH: เมื่อ Netfilter ดำเนินการกรองในสแต็กเครือข่ายเคอร์เนล TCP/IP

RO: Când Netfilter efectuează filtrarea în stiva de rețea a nucleului TCP/IP?

RU: Когда Netfilter выполняет фильтрацию в сетевом стеке ядра TCP/IP?

VI: Khi Netfilter thực hiện lọc trong ngăn xếp mạng hạt nhân TCP/IP?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.