From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jon Webb
Subject: Re: using ip_queue in kernel space
Date: Thu, 04 Mar 2004 15:20:34 -0800
Sender: netfilter-devel-admin@lists.netfilter.org
Message-ID: <4047B9C2.6050706@binary-one.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
To: netfilter-devel@lists.netfilter.org
Errors-To: netfilter-devel-admin@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Unit Zero wrote:

>I've been curious for a while about the viability of using ip_queue from
>a kernel module, without any userland side. It seems that ip_queue is
>really only used for deferring the verdict on packets to a userspace
>program, but if I simply install a queue handler in the module init
>entrypoint and then install a netfilter hook that returns a QUEUE verdict
>on packets I want, and then do whatever in my queue handler, (kick off
>timer tasks to issue verdicts or some other such thing) will this work?
>

Of course, there are kernel level calls for getting packets out and
reinjecting them... They can be called from a kernel module. I tried to
do this once, and it worked ok, except that I needed access to the kernel
routing table flags to decide what to do with the packets, and I could
only get at those from userspace (ironically), so I had to abandon that
implementation.

- Jon Webb