31 May 2009 10:23
Re: Netfilter module name oddity
Hello, All this is true, but I just want to add these two points: In Ira mail, he mentions many modules which start with xt_* like: 10809 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_connmark.ko 12079 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_CONNMARK.ko 10066 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_dscp.ko 11193 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_DSCP.ko 9885 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_mark.ko 10903 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_MARK.ko 10137 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_rateest.ko 13381 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_RATEEST.ko 9193 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_tcpmss.ko 12506 /lib/modules/2.6.26-1-amd64/kernel/net/netfilter/xt_TCPMSS.ko First, it is true also for these modules, that when you see lower case it is a matching module, and when you see upper case it is a target module. (most of them, if not all, have also MODULE_ALIAS to a corresponding ipt_*.) And second: there are no ipt_* modules under net/netfilter; only xt_* modules. the difference between the ipt_* modules, which reside under net/ipv4/netfilter (like net/ipv4/netfilter/ipt_ecn.c, net/ipv4/netfilter/ipt_ECN.c, net/ipv4/netfilter/ipt_LOG.c and more) and the xt_* modules under net/netfilter is that (naturally) the ipt_* modules under net/ipv4/netfilter handle only IPV4 packets (The family member of the target (xt_target) or of the match (xt_match) is NFPROTO_IPV4), while the xt_* modules (under /net/netfilter) support is not limited to IPV4 (They have usually NFPROTO_UNSPEC or have targets/matches arrays with both NFPROTO_IPV4 and NFPROTO_IPV6). Regards, Rami Rosen _______________________________________________ Linux-il mailing list Linux-il@... http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
RSS Feed