Re: Debug kernel network hook chain or why has Che: msg#00125

Re: Debug kernel network hook chain or why has Check Point Firewall module : msg#00125

Subject:	Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6

Hi Andi,

thanks for fast answering, need only a short explanation now:

Andi Kleen writes:

> On Mon, Apr 22, 2002 at 08:47:13AM +0200, Peter Bieringer wrote:
> > Looks like CP never sees (or recognizes) packets leaving the
> > firewalled host from a dual-stack application.
> 
> Linux has no "generic" firewall hooks, only protocol specific ones.  
> Checkpoint is probably using the v4 specific ones only.
> Other protocols can be received (by registering a protocol to ETH_P_ALL via
> SOCK_PACKET or in the kernel), but not stolen from protocol handlers. 

Is such IPv4 hook not seeing packets leaving a dual-stack application like
openssh? Is there any scheme (the way such packet takes) available for
visualisation.

TIA,
 Peter

Previous by Date:	Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6, Andi Kleen
Next by Date:	Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6, Andi Kleen
Previous by Thread:	Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6, Andi Kleen
Next by Thread:	Re: Debug kernel network hook chain or why has Check Point Firewall module problems with IPv6, Andi Kleen
Indexes:	[Date] [Thread] [Top] [All Lists]