* netfilter queue
@ 2009-05-31 5:56 Michael Mefford
2009-05-31 9:38 ` Vincent Bernat
From: Michael Mefford @ 2009-05-31 5:56 UTC (permalink / raw)
To: netfilter
I need to know how to interact with the netfilter queue. My project
needs to capture TCP packets from the queue, process them in userspace,
and then re-insert them back into the firewall to be forwarded on.
However, I can't find any recent documentation that explains how to do
this. The most I can find is about 3 years old (and seemingly out of
date). Does anyone have good working knowledge that might help me
understand this?
Michael.
* Re: netfilter queue
2009-05-31 5:56 netfilter queue Michael Mefford
@ 2009-05-31 9:38 ` Vincent Bernat
From: Vincent Bernat @ 2009-05-31 9:38 UTC (permalink / raw)
To: Michael Mefford; +Cc: netfilter
OoO At the break of dawn on Sunday, May 31, 2009, around 07:56, Michael
Mefford <meffordm@gmail.com> said:
> I need to know how to interact with the netfilter queue. My project
> needs to capture TCP packets from the queue, process them in
> userspace, and then re-insert them back into the firewall to be forwarded
> on. However, I can't find any recent documentation that explains how
> to do this. The most I can find is about 3 years old (and seemingly
> out of date). Does anyone have good working knowledge that might help
> me understand this?
You have a basic example in the sources:
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=blob;f=utils/nfqnl_test.c;hb=HEAD
I have a pet project using Netfilter queue if you want another example:
http://cgit.luffy.cx/udpproxy/tree/src/proxy.c
There are also nufw and mxallowd, which use netfilter queue.
To modify a packet, just modify your received copy (or another copy) and
use the two last arguments of nf_queue_set_verdict to be the size and a
pointer to your copy. Otherwise, set them to 0 and NULL.
--
#ifdef STUPIDLY_TRUST_BROKEN_PCMD_ENA_BIT
2.4.0-test2 /usr/src/linux/drivers/ide/cmd640.c
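Added example, not part of the thread or of the libnetfilter_queue sources: when a modified copy is handed back with the verdict, userspace has to leave its IPv4 and TCP checksums valid, so the edit and the checksum repair go together. The function `scrub_urg`, the URG-clearing edit, the `USE_NFQ` build guard and the callback name `cb` are assumptions chosen for illustration; the guarded part uses libnetfilter_queue's `nfq_get_payload` and `nfq_set_verdict`.

```c
#include <stddef.h>
#include <stdint.h>
/* RFC 1071 Internet checksum: add 16-bit big-endian words, fold, complement. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Illustrative edit: clear URG and the urgent pointer, then repair both checksums.
 * Returns -1, pkt untouched, unless pkt is a complete, unfragmented IPv4/TCP packet. */
int scrub_urg(uint8_t *pkt, size_t len) {
    if (len < 20 || pkt[0] >> 4 != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;     /* MF set or offset != 0 */
    uint8_t *tcp = pkt + ihl;
    size_t tcplen = tot - ihl;
    tcp[13] &= (uint8_t)~0x20; tcp[18] = tcp[19] = 0;  /* length unchanged */
    pkt[10] = pkt[11] = tcp[16] = tcp[17] = 0;    /* zero checksum fields first */
    uint16_t c = csum_fold(csum_add(0, pkt, ihl));
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    /* TCP sum covers a pseudo-header: src, dst, protocol 6, TCP length. */
    c = csum_fold(csum_add(csum_add(0, pkt + 12, 8) + 6 + (uint32_t)tcplen, tcp, tcplen));
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return 0;
}

#ifdef USE_NFQ  /* assumed build: cc -DUSE_NFQ example.c -lnetfilter_queue */
#include <string.h>
#include <arpa/inet.h>
#include <linux/netfilter.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
/* Callback for nfq_create_queue(): edit a copy and reinject it. */
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *m, struct nfq_data *nfa, void *u) {
    struct nfqnl_msg_packet_hdr *ph = nfq_get_msg_packet_hdr(nfa);
    uint32_t id = ph ? ntohl(ph->packet_id) : 0;
    unsigned char *data; static uint8_t copy[65535];
    int len = nfq_get_payload(nfa, &data);        /* starts at the IP header */
    if (len <= 0 || (size_t)len > sizeof copy) return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
    memcpy(copy, data, (size_t)len);
    if (scrub_urg(copy, (size_t)len) < 0)         /* not IPv4/TCP: pass the original */
        return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
    return nfq_set_verdict(qh, id, NF_ACCEPT, (uint32_t)len, copy);
}
#endif
```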
* netfilter queue
@ 2009-12-01 4:15 ratheesh k
From: ratheesh k @ 2009-12-01 4:15 UTC (permalink / raw)
To: netfilter
Hi all,
The xt_time module is not handling DST, so I am writing a
userspace application to handle time-based pkt filtering by queuing
pkts to userspace using the NFQUEUE target.
There are some concerns and doubts:
1) All packets will be copied to userspace, one pkt at a time,
based on the iptables rule. But if I use any system call in my
userspace application before reinjecting the pkt back to the kernel, will it
severely dampen the network throughput?
2) Will creating /proc entries, passing DST values to the kernel, and handling
time in the xt_time module be a better solution?
Thanks,
Ratheesh