Info

enum nf_ip_hook_priorities {
	NF_IP_PRI_FIRST = INT_MIN,
	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
	NF_IP_PRI_RAW = -300,
	NF_IP_PRI_SELINUX_FIRST = -225,
	NF_IP_PRI_CONNTRACK = -200,
	NF_IP_PRI_MANGLE = -150,
	NF_IP_PRI_NAT_DST = -100,
	NF_IP_PRI_FILTER = 0,
	NF_IP_PRI_NAT_SRC = 100,
	NF_IP_PRI_SELINUX_LAST = 225,
	NF_IP_PRI_CONNTRACK_HELPER = INT_MAX - 2,
	NF_IP_PRI_NAT_SEQ_ADJUST = INT_MAX - 1,
	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
	NF_IP_PRI_LAST = INT_MAX,
};

This ensures, for example, that mangling of packet data is always performed before any filter operations.

The appropriate list can be selected from the nf_hook array by reference to the protocol family and hook number. Work is then delegated to nf_iterate, which traverses the list elements and invokes the hook functions.
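The ordering and traversal described above can be modelled in userspace. This is an added example, not kernel code and not from the original text: every demo_* and DEMO_* name, the family index 2 and the hook number 0 are assumptions, and only the accept and drop verdicts are modelled.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: every demo_* / DEMO_* name is hypothetical, not kernel API. */
enum { DEMO_DROP = 0, DEMO_ACCEPT = 1 };
enum { PRI_MANGLE = -150, PRI_FILTER = 0, PRI_NAT_SRC = 100 }; /* values from the enum above */
#define DEMO_NPROTO 3
#define DEMO_NHOOKS 5
#define DEMO_MAXOPS 8

struct demo_pkt { int mark; char trace[DEMO_MAXOPS + 1]; int n; };
typedef int (*demo_hookfn)(struct demo_pkt *);
struct demo_ops { demo_hookfn fn; int priority; };
struct demo_list { struct demo_ops ops[DEMO_MAXOPS]; int len; };
static struct demo_list demo_hooks[DEMO_NPROTO][DEMO_NHOOKS]; /* [family][hook number] */

/* Insert so the list stays sorted by ascending priority, whatever the call order. */
int demo_register(int pf, int hook, demo_hookfn fn, int prio)
{
    struct demo_list *l = &demo_hooks[pf][hook];
    int i;
    if (l->len == DEMO_MAXOPS) return -1;
    for (i = l->len; i > 0 && l->ops[i - 1].priority > prio; i--)
        l->ops[i] = l->ops[i - 1];
    l->ops[i].fn = fn;
    l->ops[i].priority = prio;
    l->len++;
    return 0;
}

/* Walk the selected list in order; the first non-accept verdict ends the walk. */
int demo_iterate(int pf, int hook, struct demo_pkt *p)
{
    struct demo_list *l = &demo_hooks[pf][hook];
    for (int i = 0; i < l->len; i++)
        if (l->ops[i].fn(p) != DEMO_ACCEPT) return DEMO_DROP;
    return DEMO_ACCEPT;
}

static int mangle(struct demo_pkt *p) { p->trace[p->n++] = 'M'; p->mark = 7; return DEMO_ACCEPT; }
static int filter(struct demo_pkt *p) { p->trace[p->n++] = 'F'; return p->mark == 7 ? DEMO_ACCEPT : DEMO_DROP; }
static int snat(struct demo_pkt *p)   { p->trace[p->n++] = 'S'; return DEMO_ACCEPT; }

int main(void)
{
    struct demo_pkt p = {0};
    demo_register(2, 0, filter, PRI_FILTER);   /* registered first, runs second */
    demo_register(2, 0, snat, PRI_NAT_SRC);
    demo_register(2, 0, mangle, PRI_MANGLE);   /* registered last, runs first */
    printf("verdict=%d order=%s\n", demo_iterate(2, 0, &p), p.trace);
    return 0;
}
```

The filter hook here accepts only packets the mangle hook has already marked, so the accept verdict depends on the priority ordering rather than on the order of registration.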
