File:Netfilter-packet-flow.svg

Original file (SVG file, nominally 1,650 × 525 pixels, file size: 106 KB)

Summary

Description Schematic for the packet flow paths through Linux networking and Xtables
Date last updated 2019-May-19
Source Own work, Origin SVG PNG
Author Jan Engelhardt
SVG development
InfoField
 
The source code of this SVG is invalid due to an error.
 
This W3C-invalid diagram was created with Inkscape.
 
 This diagram uses embedded text that can be easily translated using a text editor.

Licensing

I, the copyright holder of this work, hereby publish it under the following license:
w:en:Creative Commons
attribution share alike
This file is licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.
You are free:
  • to share – to copy, distribute and transmit the work
  • to remix – to adapt the work
Under the following conditions:
  • attribution – You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
  • share alike – If you remix, transform, or build upon the material, you must distribute your contributions under the same or compatible license as the original.

Captions

The path traversed by a data packet in a traditional TCP/IP computer network is influenced by a number of routing and filtering steps.

Items portrayed in this file

depicts

image/svg+xml

File history

Click on a date/time to view the file as it appeared at that time.

(newest | oldest) View (newer 10 | ) (10 | 20 | 50 | 100 | 250 | 500)
Date/TimeThumbnailDimensionsUserComment
current13:54, 21 April 2021Thumbnail for version as of 13:54, 21 April 20211,650 × 525 (106 KB)XavifrMoved Re-route checking based on info from https://www.frozentux.net/iptables-tutorial/chunkyhtml/c962.html
00:18, 4 December 2020Thumbnail for version as of 00:18, 4 December 20201,650 × 525 (105 KB)EditordepapaFixed SVG document size
00:12, 4 December 2020Thumbnail for version as of 00:12, 4 December 20201,650 × 675 (105 KB)EditordepapaAdded the NAT input chain
04:17, 27 June 2020Thumbnail for version as of 04:17, 27 June 20201,650 × 475 (84 KB)WokesterChange XDP_ACCEPT to XDP_PASS according to https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html
17:37, 28 September 2019Thumbnail for version as of 17:37, 28 September 20191,650 × 475 (102 KB)AYDanilovReroute check of local-originated packets occurs after the OUTPUT hook.
14:54, 14 May 2019Thumbnail for version as of 14:54, 14 May 20191,650 × 475 (102 KB)TeknoraverAdded XDP in the flow
02:15, 28 February 2014Thumbnail for version as of 02:15, 28 February 20141,450 × 475 (95 KB)JengelhNF permit hooking at any point. The image merely shows the basic/principial set of well-known filtering opportunities, and not every possible action.
01:16, 10 October 2013Thumbnail for version as of 01:16, 10 October 20131,450 × 475 (95 KB)IlyaBobyrPacket is actually rerouted after any changes in the nat.OUTPUT change. I assume, filter.OUTPUT is also happening before the "reroute check". It makes sense, at least for nat.OUTPUT - if you nat your packet and change its destination IP, normally, you...
00:41, 12 November 2012Thumbnail for version as of 00:41, 12 November 20121,450 × 475 (95 KB)JengelhWikipedia's SVG->PNG converter fails to support path-following text, therefore replace it by normal text.
00:37, 12 November 2012Thumbnail for version as of 00:37, 12 November 20121,450 × 475 (94 KB)JengelhAdded AF_PACKET socket (used by e.g. tcpdump/iptraf-ng/dhcpd)
(newest | oldest) View (newer 10 | ) (10 | 20 | 50 | 100 | 250 | 500)

The following 4 pages use this file:

Global file usage

The following other wikis use this file:

Metadata