From: aton <aton@packetdropped.org>
To: netfilter-devel@lists.netfilter.org
Subject: Re: netfilter_queue reinjecting packets
Date: Sun, 12 Mar 2006 20:21:33 +0100 [thread overview]
Message-ID: <20060312202133.08f8d8ee.aton@packetdropped.org> (raw)
In-Reply-To: <441433C2.6010901@trash.net>
[-- Attachment #1: Type: text/plain, Size: 1920 bytes --]
On Sun, 12 Mar 2006 15:44:18 +0100
Patrick McHardy <kaber@trash.net> wrote:
> aton wrote:
> > has anyone used netfilter_queue and successfully re-injected packets into the net?
> >
> > i want to write sort of a userspace routing application.
> >
> > host A is my workstation, it has host B as default gateway.
> >
> > on host B my routing application runs.
> > it receives packets from netfilter_queue using libnetfilter_queue.
> > this works very well and i can display the whole packets.
> >
> > now i just want to send them back into the net, so that they reach their destination.
> >
> > i modified the main loop in the source of nfqnl_test.c in the libnetfilter_queue package:
> >
> > while ((rv=recv(fd, buf, sizeof(buf), 0)) >= 0)
> > {
> > printf("pkt received:\n");
> >
> > printf("sending packet back\n");
> >
> > if ((sv=send(fd, buf, sizeof(buf), 0))==-1)
> > {
> > perror("send");
> > exit(EXIT_FAILURE);
> > }
> > printf("done\n");
> > }
> >
> > this should send every packet back to... where?
> > it seems the packets are just sent into nirvana, i cannot sniff them, and i dont get an error from send().
>
> nfnql_test already reinjects packets by the call to nfq_issue_verdict.
> It seems you need to read the documentation ..
>
>
sorry, but i cannot find any call to nfq_issue_verdict in this file.
perhaps you mean nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); ?
i thought nfq_set_verdict was used to specify a handling routine for the packets... in the case of nfq_test.c set the handling routine for packets to the print_pkt() function.
am i wrong?
what documentation? i would _love_ to read some documentation about libnetfilter_queue.
i have looked through http://netfilter.org/documentation/index.html#documentation-howto but i cannot find anything specific about libnetfilter_queue...
greetings, aton
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-03-12 19:21 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-11 23:24 volunteer tcl script writer needed for iptables application John A. Sullivan III
2006-03-12 14:10 ` netfilter_queue reinjecting packets aton
2006-03-12 14:44 ` Patrick McHardy
2006-03-12 19:21 ` aton [this message]
2006-03-12 19:35 ` Patrick McHardy
2006-03-14 12:54 ` aton
2006-03-14 16:46 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060312202133.08f8d8ee.aton@packetdropped.org \
--to=aton@packetdropped.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.