* Async processing using NetFilters
@ 2007-04-19 7:35 Lokesh
0 siblings, 0 replies; 6+ messages in thread
From: Lokesh @ 2007-04-19 7:35 UTC (permalink / raw)
To: netfilter
Hi All,
I'm using Linux RedHat 9 kernel version 2.4.20-8
I want to do some asynchronous processing of packets in my kernel
module that is registered as
Netfilter Hook. I tried to make use of NF_QUEUE but found that only
one call back function per
protocol family (PF) is provided and already some module (probably
NET_LINK socket interface)
is making use of it for PF_INET. Is there any way to use NF_QUEUE
facility without disturbing
NET_LINK ? why per hook registration of call back function of
NF_QUEUE is not provided?
How to proceed if someone had to do async processing of packets so
that pkts can be queued to crypto hardware processing unit and can be
safely reinjected back into kernel later so that other registered
hooks can get pkts?
any help is highly appreciated.
Thanks
-Lokesh.
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Async processing using NetFilters
@ 2007-04-23 12:35 Lokesh
0 siblings, 0 replies; 6+ messages in thread
From: Lokesh @ 2007-04-23 12:35 UTC (permalink / raw)
To: netdev
Hi All,
I posted this to Netfiler list but got no response.
dont know if it is a right place to ask this question, but any
answer/clue will be helpful to me.
Thanks
-Lokesh
>I'm using Linux RedHat 9 kernel version 2.4.20-8
>I want to do some asynchronous processing of packets in my kernel
>module that is registered as
>Netfilter Hook. I tried to make use of NF_QUEUE but found that only
>one call back function per
>protocol family (PF) is provided and already some module (probably
>NET_LINK socket interface)
>is making use of it for PF_INET. Is there any way to use NF_QUEUE
>facility without disturbing
>NET_LINK ? why per hook registration of call back function of
>NF_QUEUE is not provided?
>How to proceed if someone had to do async processing of packets so
>that pkts can be queued to crypto hardware processing unit and can
>be safely reinjected back into kernel later so that other registered
>hooks can get pkts?
>any help is highly appreciated.
>Thanks
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Async processing using NetFilters
@ 2007-04-26 8:57 Lokesh
2007-04-26 9:09 ` Padam J Singh
0 siblings, 1 reply; 6+ messages in thread
From: Lokesh @ 2007-04-26 8:57 UTC (permalink / raw)
To: netfilter-devel
Hi All,
>I'm using Linux RedHat 9 kernel version 2.4.20-8
>I want to do some asynchronous processing of packets in my kernel
>module that is registered as
>Netfilter Hook. I tried to make use of NF_QUEUE but found that only
>one call back function per
>protocol family (PF) is provided and already some module (probably
>NET_LINK socket interface)
>is making use of it for PF_INET. Is there any way to use NF_QUEUE
>facility without disturbing
>NET_LINK ? why per hook registration of call back function of
>NF_QUEUE is not provided?
>How to proceed if someone had to do async processing of packets so
>that pkts can be queued to crypto hardware processing unit and can
>be safely reinjected back into kernel later so that other registered
>hooks can get pkts?
>any help is highly appreciated.
>Thanks
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Async processing using NetFilters
2007-04-26 8:57 Async processing using NetFilters Lokesh
@ 2007-04-26 9:09 ` Padam J Singh
0 siblings, 0 replies; 6+ messages in thread
From: Padam J Singh @ 2007-04-26 9:09 UTC (permalink / raw)
To: Lokesh; +Cc: netfilter-devel
Hello Lokesh,
Try the NF_STOLEN approach, and take care of the skb. You can re-inject
the packet this way.
R,
Padam.
Lokesh wrote:
> Hi All,
>> I'm using Linux RedHat 9 kernel version 2.4.20-8
>> I want to do some asynchronous processing of packets in my kernel
>> module that is registered as
>> Netfilter Hook. I tried to make use of NF_QUEUE but found that only
>> one call back function per
>> protocol family (PF) is provided and already some module (probably
>> NET_LINK socket interface)
>> is making use of it for PF_INET. Is there any way to use NF_QUEUE
>> facility without disturbing
>> NET_LINK ? why per hook registration of call back function of
>> NF_QUEUE is not provided?
>> How to proceed if someone had to do async processing of packets so
>> that pkts can be queued to crypto hardware processing unit and can be
>> safely reinjected back into kernel later so that other registered
>> hooks can get pkts?
>> any help is highly appreciated.
>> Thanks
>
>
>
> ********************************************************************************
>
> This email message (including any attachments) is for the sole use of
> the intended recipient(s) and may contain confidential, proprietary
> and privileged information. Any unauthorized review, use, disclosure
> or distribution is prohibited. If you are not the intended recipient,
> please immediately notify the sender by reply email and destroy all
> copies of the original message. Thank you.
>
> Intoto Inc.
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Async processing using NetFilters
@ 2007-04-26 9:53 Lokesh
0 siblings, 0 replies; 6+ messages in thread
From: Lokesh @ 2007-04-26 9:53 UTC (permalink / raw)
To: netfilter-devel
Hi Padam,
Thanks for the reply,
would you please elaborate your reply?
How can I reinject the packet back into stack so that hooks
registered after my module can get the pkt? to call nf_reinject needs
NF_HOOK related data struct to be passed
its prototype is as below.
void nf_reinject(struct sk_buff *skb, struct nf_info *info,
unsigned int verdict)
and if I call ip_rcv() my hook gets called again by the NF infra, and
pkt may go through all the hook 2 times which I dont want.Thanks
-Lokesh.
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Async processing using NetFilters
@ 2007-05-14 11:52 Lokesh
0 siblings, 0 replies; 6+ messages in thread
From: Lokesh @ 2007-05-14 11:52 UTC (permalink / raw)
To: netfilter
Sorry for sending this again. anybody can please give me a clue ?
>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>Date: Thu, 19 Apr 2007 13:05:15 +0530
>To: netfilter@lists.netfilter.org
>From: Lokesh <lokeshnb@intoto.com>
>X-Virus-Scanned: by Intoto Anti-X 1.0; Thu, 19 Apr 2007 13:00:54 +0530
>X-Spam-Scanned: by Intoto Anti-X 1.0; Thu, 19 Apr 2007 13:00:54 +0530
>X-Spam-RefID: str=0001.0A090208.46271AAD.00D3,ss=1,fgs=0
>X-Virus-Scanned: by Intoto Anti-X 1.0; Thu, 19 Apr 2007 13:00:49 +0530
>X-Spam-Scanned: by Intoto Anti-X 1.0; Thu, 19 Apr 2007 13:00:49 +0530
>X-Spam-RefID: str=0001.0A090208.46271AA8.00DA,ss=1,fgs=0
>X-Scanned-By: MIMEDefang 2.41
>Subject: Async processing using NetFilters
>X-Virus-Scanned: by Intoto Anti-X 1.0;
> Thu, 19 Apr 2007 13:26:37 +0530
>X-Spam-Scanned: by Intoto Anti-X 1.0;
> Thu, 19 Apr 2007 13:26:37 +0530
>X-Spam-RefID: str=0001.0A090204.462720B5.0025:SCGMAF58662,ss=1,fgs=0
>X-BeenThere: netfilter@lists.netfilter.org
>X-Mailman-Version: 2.1.5
>List-Id: General discussion and user questions <netfilter.lists.netfilter.org>
>List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
> <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
>List-Archive: </pipermail/netfilter>
>List-Post: <mailto:netfilter@lists.netfilter.org>
>List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
>List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
> <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
>Sender: netfilter-bounces@lists.netfilter.org
>
>Hi All,
>I'm using Linux RedHat 9 kernel version 2.4.20-8
>I want to do some asynchronous processing of packets in my kernel
>module that is registered as
>Netfilter Hook. I tried to make use of NF_QUEUE but found that only
>one call back function per
>protocol family (PF) is provided and already some module (probably
>NET_LINK socket interface)
>is making use of it for PF_INET. Is there any way to use NF_QUEUE
>facility without disturbing
>NET_LINK ? why per hook registration of call back function of
>NF_QUEUE is not provided?
>How to proceed if someone had to do async processing of packets so
>that pkts can be queued to crypto hardware processing unit and can
>be safely reinjected back into kernel later so that other registered
>hooks can get pkts?
>any help is highly appreciated.
>Thanks
>-Lokesh.
>
>
>
>********************************************************************************
>This email message (including any attachments) is for the sole use
>of the intended recipient(s) and may contain confidential,
>proprietary and privileged information. Any unauthorized review,
>use, disclosure or distribution is prohibited. If you are not the
>intended recipient, please immediately notify the sender by reply
>email and destroy all copies of the original message. Thank you.
>Intoto Inc.
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-05-14 11:52 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-04-26 8:57 Async processing using NetFilters Lokesh
2007-04-26 9:09 ` Padam J Singh
-- strict thread matches above, loose matches on Subject: below --
2007-05-14 11:52 Lokesh
2007-04-26 9:53 Lokesh
2007-04-23 12:35 Lokesh
2007-04-19 7:35 Lokesh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.