iptable nf_inet_hooks

Netfilter places

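As the packet send/receive flow diagram above shows, Netfilter hook functions can be registered at several different places. These places are defined as follows: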

enum nf_inet_hooks {
    NF_INET_PRE_ROUTING,    // 0
    NF_INET_LOCAL_IN,
    NF_INET_FORWARD,
    NF_INET_LOCAL_OUT,
    NF_INET_POST_ROUTING,   // 4
    NF_INET_NUMHOOKS
};

NF_INET_PRE_ROUTING: incoming packets pass this hook in the ip_rcv() (linux/net/ipv4/ip_input.c) function before they are processed by the routing code.
NF_INET_LOCAL_IN: all incoming packets addressed to the local computer pass this hook in the function ip_local_deliver().
NF_INET_FORWARD: incoming packets that are to be forwarded pass this hook in the function ip_forward().
NF_INET_LOCAL_OUT: all outgoing packets created in the local computer pass this hook in the function ip_build_and_send_pkt().
NF_INET_POST_ROUTING: packets pass this hook in the ip_finish_output() function before they leave the computer.
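
The traversal order these descriptions imply, as an added example: a userspace model, not kernel code and not from the original page. It shows that a callback registered only at NF_INET_LOCAL_IN never sees forwarded packets. The names traverse, struct pkt, the origin/route/verdict enums and block_port_22 are hypothetical; only the hook enum comes from the page.

```c
/* Userspace model of hook traversal (added example, not kernel code). */
#include <stdio.h>

enum nf_inet_hooks {
    NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, NF_INET_FORWARD,
    NF_INET_LOCAL_OUT, NF_INET_POST_ROUTING, NF_INET_NUMHOOKS
};
/* Hypothetical model types; verdict values mirror NF_DROP / NF_ACCEPT. */
enum verdict { DROP = 0, ACCEPT = 1 };
enum origin  { FROM_WIRE, FROM_LOCAL };
enum route   { TO_LOCAL, TO_OTHER_HOST };
struct pkt   { enum origin origin; enum route route; unsigned dport; };
typedef enum verdict (*hook_fn)(const struct pkt *);

static hook_fn hooks[NF_INET_NUMHOOKS];   /* one callback per hook point */

/* Fills path[] with the hooks visited; returns count; *passed=0 on drop. */
int traverse(const struct pkt *p, int path[3], int *passed)
{
    int seq[3], n = 0, i;
    if (p->origin == FROM_WIRE) {
        seq[n++] = NF_INET_PRE_ROUTING;       /* before the routing code */
        if (p->route == TO_LOCAL) {
            seq[n++] = NF_INET_LOCAL_IN;
        } else {
            seq[n++] = NF_INET_FORWARD;
            seq[n++] = NF_INET_POST_ROUTING;
        }
    } else {                                  /* created on this host */
        seq[n++] = NF_INET_LOCAL_OUT;
        seq[n++] = NF_INET_POST_ROUTING;
    }
    for (*passed = 1, i = 0; i < n && *passed; i++) {
        path[i] = seq[i];
        if (hooks[seq[i]] && hooks[seq[i]](p) == DROP)
            *passed = 0;                      /* traversal stops here */
    }
    return i;
}

/* Constructed sample callback: drop anything addressed to port 22. */
static enum verdict block_port_22(const struct pkt *p)
{ return p->dport == 22 ? DROP : ACCEPT; }

int main(void)
{
    struct pkt fwd = { FROM_WIRE, TO_OTHER_HOST, 22 };  /* constructed */
    int path[3], passed, n;
    hooks[NF_INET_LOCAL_IN] = block_port_22;
    n = traverse(&fwd, path, &passed);
    printf("forwarded to port 22: %d hooks, passed=%d\n", n, passed);
    return 0;
}
```

In the model, the forwarded packet visits PRE_ROUTING, FORWARD and POST_ROUTING and is not dropped, because the only callback sits at LOCAL_IN.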