--- Patrick McHardy <kaber@xxxxxxxxx> wrote:
> Abhinav Srivastava wrote:
> > Hi Patrick,
> >
> > I tried to do what you said but some how could not
> > achieve it and since project deadlines are so
> pressing
> > I would like to achieve the same thing but from
> the
> > user space.
> >
> > Inside the ebtables code, I intercept packets and
> send
> > it to userspace application, which decides whether
> to
> > accept the packet or drop it and re-inject it to
> the
> > network. I heard it can be done for iptables but
> can
> > it be done for ebtables?
> >
> > I saw libipq which provides you functionality of
> > reinjecting the packets into ipfilters ip queue.
> >
> > I would like to reinject the packet to ebtable
> > filtering code or if not then directly out to the
> > interface if I decide packet is to be accepted.
> Please
> > let me know if this deisgn is possible. I also ok
> with
> > passing the packet using libipq to ipfilters as
> long
> > as they can send the packet out to network. I just
> > want to achieve the complete design with minimum
> > hassle because of deadline.
> >
> > I would really appreciate your help.
>
>
> Well, the iptables queuing depends on exactly the
> QUEUE
> functionality I described, you'll need to add this
> to
> the briding code, otherwise it won't work.
>
>
Hi Patrick,
Thanks for your reply. I have started looking into the
code of ebtables in order to implement the
functionality. However I got curious by reading
somewhere that iptables can be used to filter packets
at bridge level. Is this correct?
Since I am not doing any MAC level filtering, I am
getting hold of sk_buff reference from ebtables code
and then doing my own thing. Can I use iptables for
this purpose? If yes, then is it possible to use
iptables QUEUE and re-injection facilities here? OR
again it is the same problem that packets are passing
through bridge and iptables QUEUE and re-injection
code will drop the packet when it sees bridge
protocol and other problems that you mentioned before.
Regards,
Abhinav
Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
