netfilter hook does not see some packets ...

I have a situation where my kernel module that registers
the
nf hooks does does not see some packets. Those packets seems
to be
those that are REDIRECTed by the following iptables rule:

*nat
:WEBFILTER-NAT - [0:0]
-A PREROUTING -j WEBFILTER-NAT
-A WEBFILTER-NAT -s 192.168.69.0/255.255.255.0 -p tcp -m tcp
--dport
80 -j WF-8080
-A WF-8080 -p tcp -j REDIRECT --to-ports 8080
*filter
-A FORWARD -s 192.168.69.0/255.255.255.0 -j QUEUE

I hook 4 hooking points in my module (forward, local-in,
local-out,
pre-routing).
My hooking priority is NF_IP_PRI_FIRST.

What is the reason that packets are not seen by my module ?
How do I fix this ?

Thanks
Yakov

On Aug 23 2007 15:23, Yakov Lerner wrote:
>
>I have a situation where my kernel module that registers
the
>nf hooks does does not see some packets. Those packets
seems to be
>those that are REDIRECTed by the following iptables
rule:
>
>*nat
>:WEBFILTER-NAT - [0:0]
>-A PREROUTING -j WEBFILTER-NAT
>-A WEBFILTER-NAT -s 192.168.69.0/255.255.255.0 -p tcp -m
tcp --dport 80 -j WF-8080
>-A WF-8080 -p tcp -j REDIRECT --to-ports 8080
>*filter
>-A FORWARD -s 192.168.69.0/255.255.255.0 -j QUEUE
>
>I hook 4 hooking points in my module (forward, local-in,
local-out,
>pre-routing).
>My hooking priority is NF_IP_PRI_FIRST.

If you hook in with NF_IP_PRI_FIRST, you see the original
packet, before it got
NATed.


	Jan
--