Sending packets from netfilter modules

[Nils Rennebarth <Nils.Rennebarth@web.de>]

Hi,

I want to send a new packet that was created from scratch from within a netfilter module.

There are already examples in the kernel tree, e.g. in net/ipv4/netfilter/ipt_REJECT.c, so I modeled my code after these and got it working: The packets appear on the wire and are received by other hosts.

However, the packet is finally sent using ip_local_out, so from a firewall perspective, the packet appears out of thin air and then travels through the OUTPUT chain and out to the network device. What I want instead, is for the packet to take the same way as an incoming packet, i.e. travel through the PREROUTING chain, gets routed, travels through FORWARD, routed again travels through POSTROUTING and be sent out.

The reason is that my netfilter module acts as a man-in-the-middle in a router, and the self-generated packets should not circumvent the firewall or need a duplicated ruleset in the OUTPUT chain, etc.

I thought, something like netif_receive_skb or netif_rx may do what I want, but those rely on a prepared skb. Can someone point me into the right direction?
______________________________________________________
GRATIS für alle WEB.DE-Nutzer: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://movieflat.web.de

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html