On ons, 2008-07-09 at 18:41 -0500, tung tran wrote:
> Hi Jan,
> Thanks for your quick reply. Could you please give me some advice to
> accomplish the task? I need to pass the packet from kernel to a user
> space process to decide if the packet is accepted or denied.

For that the existing NF_QUEUE mechanism should be used. If a hook returns NF_QUEUE then the kernel suspends the packet and submits it to a queue handler for querying the userspace. When the userspace responds the packet is either rejected or allowed to continue processing at the next hook handler. The normal ip_queue handler uses netlink to talk to userspace. There can only be one queue handler in the system. iptables has support for this via the QUEUE pseudo-target.

Regards
Henrik
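The userspace half of the NF_QUEUE path Henrik describes, as an added example that is not part of the mail and not the netfilter project's own code. The kernel side is an iptables rule with the QUEUE target (NFQUEUE on later kernels) sending packets to queue 0; this program attaches to that queue with libnetfilter_queue (the library for nfnetlink_queue, the successor of ip_queue), runs `decide_verdict()` over each packet's IPv4 header and answers NF_ACCEPT or NF_DROP. The policy (refuse new TCP connections to port 23, fail closed on malformed packets), the function names and the sample packets are constructed for the illustration; the netlink glue is compiled only where the library headers are installed, so the policy itself can be exercised on a host without netfilter.

```c
/* Added example: userspace verdict process for NF_QUEUE. Policy, helper
 * names and sample packets are constructed; libnetfilter_queue calls are
 * used only when its header is present. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <netinet/in.h>   /* IPPROTO_TCP */
#include <arpa/inet.h>    /* ntohl */

#ifdef __has_include
# if __has_include(<libnetfilter_queue/libnetfilter_queue.h>)
#  define HAVE_NFQ 1
#  include <sys/socket.h>
#  include <linux/netfilter.h>
#  include <libnetfilter_queue/libnetfilter_queue.h>
# endif
#endif

/* Verdict values from <linux/netfilter.h>, repeated so the policy builds
 * on hosts without kernel headers. */
#ifndef NF_DROP
# define NF_DROP   0
#endif
#ifndef NF_ACCEPT
# define NF_ACCEPT 1
#endif

/* Decide the fate of one queued packet. Anything that does not parse as a
 * well-formed IPv4 datagram is dropped rather than guessed at. */
static unsigned int decide_verdict(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NF_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t total_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (ihl < 20 || total_len < ihl || total_len > len)
        return NF_DROP;
    if (pkt[9] == IPPROTO_TCP) {
        const unsigned char *tcp = pkt + ihl;
        if (total_len - ihl < 20)
            return NF_DROP;
        uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
        uint8_t flags = tcp[13];
        /* SYN without ACK is a new connection attempt; refuse it for port 23. */
        if (dport == 23 && (flags & 0x12) == 0x02)
            return NF_DROP;
    }
    return NF_ACCEPT;
}

/* Constructed sample packet: IPv4 + TCP headers only, checksums left zero
 * (the policy above does not verify them). Returns the packet length. */
static size_t build_tcp_packet(unsigned char *buf, uint16_t dport, uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;                            /* version 4, IHL 5 words */
    buf[3] = 40;                              /* total length */
    buf[8] = 64;                              /* TTL */
    buf[9] = IPPROTO_TCP;
    memcpy(buf + 12, "\xc0\xa8\x01\x0a", 4);  /* src 192.168.1.10 */
    memcpy(buf + 16, "\xc0\xa8\x01\x01", 4);  /* dst 192.168.1.1 */
    buf[20] = 0xc3; buf[21] = 0x50;           /* source port 50000 */
    buf[22] = (unsigned char)(dport >> 8);
    buf[23] = (unsigned char)(dport & 0xff);
    buf[32] = 0x50;                           /* data offset 5 words */
    buf[33] = tcp_flags;
    return 40;
}

#ifdef HAVE_NFQ
/* Invoked by nfq_handle_packet() once per queued packet: fetch the payload,
 * apply the policy and send the verdict back over netlink. */
static int on_packet(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
                     struct nfq_data *nfa, void *data)
{
    (void)nfmsg; (void)data;
    struct nfqnl_msg_packet_hdr *ph = nfq_get_msg_packet_hdr(nfa);
    uint32_t id = ph ? ntohl(ph->packet_id) : 0;
    unsigned char *payload = NULL;
    int plen = nfq_get_payload(nfa, &payload);
    unsigned int v = plen < 0 ? NF_DROP : decide_verdict(payload, (size_t)plen);
    return nfq_set_verdict(qh, id, v, 0, NULL);
}
#endif

int main(void)
{
#ifdef HAVE_NFQ
    /* Needs CAP_NET_ADMIN and a rule such as: iptables -A INPUT -j QUEUE */
    struct nfq_handle *h = nfq_open();
    if (!h) { perror("nfq_open"); return 1; }
    nfq_unbind_pf(h, AF_INET);
    if (nfq_bind_pf(h, AF_INET) < 0) { perror("nfq_bind_pf"); return 1; }
    struct nfq_q_handle *qh = nfq_create_queue(h, 0, &on_packet, NULL);
    if (!qh) { perror("nfq_create_queue"); return 1; }
    nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff);   /* copy whole packet */
    char buf[65536];
    ssize_t n;
    int fd = nfq_fd(h);
    while ((n = recv(fd, buf, sizeof buf, 0)) > 0)
        nfq_handle_packet(h, buf, (int)n);
    nfq_destroy_queue(qh);
    nfq_close(h);
#else
    unsigned char p[64];
    size_t n = build_tcp_packet(p, 23, 0x02);
    printf("SYN to 23: %s\n", decide_verdict(p, n) == NF_DROP ? "drop" : "accept");
#endif
    return 0;
}
```

While the userspace process holds a packet, the kernel keeps it suspended, so a slow or crashed verdict process stalls the flows matched by the QUEUE rule; the fail-closed handling of unparsable packets above is deliberate, since a packet the policy cannot classify should not be allowed through by default.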