Re: libipq: man page != online doc and a question

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira <pablo@eurodev.net>
To: Jvalencia <tigrezno@log01.org>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: libipq: man page != online doc and a question
Date: Sat, 16 Oct 2004 18:52:40 +0200	[thread overview]
Message-ID: <417151D8.3080506@eurodev.net> (raw)
In-Reply-To: <20041016175921.71c207d0.tigrezno@log01.org>

Jvalencia wrote:

>>>This man page dates from 2001 :S
>>>
>>>Online netfilter hacking guide tells about NF_ACCEPT, NF_DROP, NF_QUEUE and NF_REPEAT.
>>> 
>>>
>>>      
>>>
>>yes, these are all possibles verdicts in a *kernel hook*, not in ip_queue
>>    
>>
>
>mmm but I was able to use NF_QUEUE in ipq_set_verdict using libipq.
>
>ipq_set_verdict(h, m->packet_id, NF_QUEUE, 0, NULL);
>Exit code was 28, a success.
>  
>

you are right, actually I was having a look at that right now :), but 
does it make any sense issuing NF_QUEUE as verdict from an ip_queue user 
space program?

You are right again, you can also issue a NF_REPEAT. Maybe you could 
update that manpage, have a look at the CVS and post a patch to the 
maillist.

>>>Can I send the packet to another chain with verdicts?
>>> 
>>>
>>>      
>>>
>>what do you mean?
>>
>>    
>>
>
>In iptables you have various chains, as INPUT, OUTPUT and other user created as "icmp_traffic" for example. 
>I want to move a packet to a chain as "strange_traffic" from libipq because of its content. Is this possible?
>  
>

no, AFAIK iptables and ip_queue doesn't have a way to interchange 
information between them. If you like, give me more information about 
you want to do, I'll see if I can help you out.

regards,
Pablo

next prev parent reply	other threads:[~2004-10-16 16:52 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-10-15 18:21 libipq: man page != online doc and a question Jvalencia
2004-10-16 16:29 ` Pablo Neira
2004-10-16 16:59   ` Jvalencia
2004-10-16 16:52     ` Pablo Neira [this message]
2004-10-16 17:21       ` Jvalencia

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=417151D8.3080506@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=tigrezno@log01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.