From: Abhinav Srivastava <abhinavs_iitkgp@yahoo.co.in>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Implementation of Ebtables target similar to QUEUE
Date: Wed, 24 Oct 2007 00:12:29 +0100 (BST) [thread overview]
Message-ID: <24362.80553.qm@web7903.mail.in.yahoo.com> (raw)
In-Reply-To: <471869C4.1010606@trash.net>
--- Patrick McHardy <kaber@trash.net> wrote:
> Abhinav Srivastava wrote:
> > Hi Patrick,
> >
> > I tried to do what you said but some how could not
> > achieve it and since project deadlines are so
> pressing
> > I would like to achieve the same thing but from
> the
> > user space.
> >
> > Inside the ebtables code, I intercept packets and
> send
> > it to userspace application, which decides whether
> to
> > accept the packet or drop it and re-inject it to
> the
> > network. I heard it can be done for iptables but
> can
> > it be done for ebtables?
> >
> > I saw libipq which provides you functionality of
> > reinjecting the packets into ipfilters ip queue.
> >
> > I would like to reinject the packet to ebtable
> > filtering code or if not then directly out to the
> > interface if I decide packet is to be accepted.
> Please
> > let me know if this deisgn is possible. I also ok
> with
> > passing the packet using libipq to ipfilters as
> long
> > as they can send the packet out to network. I just
> > want to achieve the complete design with minimum
> > hassle because of deadline.
> >
> > I would really appreciate your help.
>
>
> Well, the iptables queuing depends on exactly the
> QUEUE
> functionality I described, you'll need to add this
> to
> the briding code, otherwise it won't work.
>
>
Hi Patrick,
Thanks for your reply. I have started looking into the
code of ebtables in order to implement the
functionality. However I got curious by reading
somewhere that iptables can be used to filter packets
at bridge level. Is this correct?
Since I am not doing any MAC level filtering, I am
getting hold of sk_buff reference from ebtables code
and then doing my own thing. Can I use iptables for
this purpose? If yes, then is it possible to use
iptables QUEUE and re-injection facilities here? OR
again it is the same problem that packets are passing
through bridge and iptables QUEUE and re-injection
code will drop the packet when it sees bridge
protocol and other problems that you mentioned before.
Regards,
Abhinav
Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php
prev parent reply other threads:[~2007-10-23 23:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-28 20:51 Implementation of Ebtables target similar to QUEUE Abhinav Srivastava
2007-09-28 21:14 ` Patrick McHardy
2007-09-28 21:26 ` Abhinav Srivastava
2007-09-28 21:42 ` Patrick McHardy
2007-10-18 20:29 ` Abhinav Srivastava
2007-10-19 8:24 ` Patrick McHardy
2007-10-23 23:12 ` Abhinav Srivastava [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=24362.80553.qm@web7903.mail.in.yahoo.com \
--to=abhinavs_iitkgp@yahoo.co.in \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).