Hi Henrik,

Thank you very much. I really appreciate your help.

Tung.

On Wed, Jul 9, 2008 at 7:06 PM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2008-07-09 at 18:41 -0500, tung tran wrote:
>> Hi Jan,
>> Thanks for your quick reply. Could you please give me some advice to
>> accomplish the task? I need to pass the packet from kernel to a user
>> space process to decide if the packet is accepted or denied.
>
> For that the existing NF_QUEUE mechanism should be used. If a hook
> returns NF_QUEUE then the kernel suspends the packet and submits it to a
> queue handler for querying the userspace. When the userspace responds
> the packet is either rejected or allowed to continue processing at the
> next hook handler.
>
> The normal ip_queue handler uses netlink to talk to userspace.
>
> There can only be one queue handler in the system.
>
> iptables has support for this via the QUEUE pseudo-target.
>
> Regards
> Henrik
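
The flow described in the quoted reply, as an added userspace model that is not part of the original thread and is not kernel code: a hook returns NF_QUEUE, the single registered queue handler gives the verdict, and an accepted packet continues at the next hook. The hook, policy and helper names are hypothetical, the suspend-and-resume round trip is modelled as a direct call, and dropping a queued packet when no handler is registered is an assumption of this model.

```c
/* Userspace model of the NF_QUEUE flow; not kernel code. */
#include <stddef.h>

/* Verdict values as in <linux/netfilter.h>. */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_QUEUE = 3 };

struct pkt { unsigned short dport; };            /* constructed sample packet */
typedef int (*hook_fn)(const struct pkt *);
typedef int (*queue_handler_fn)(const struct pkt *);

static queue_handler_fn queue_handler;           /* single slot: one handler per system */
static int later_hook_calls;                     /* shows where processing resumes */

int register_queue_handler(queue_handler_fn h) {
    if (queue_handler) return -1;                /* a handler is already registered */
    queue_handler = h;
    return 0;
}
void unregister_queue_handler(void) { queue_handler = NULL; }

/* Walk the hook chain. The real kernel suspends a queued packet and resumes
 * it when the verdict arrives; this model makes that round trip a call. */
int run_hooks(const hook_fn *hooks, size_t n, const struct pkt *p) {
    for (size_t i = 0; i < n; i++) {
        int v = hooks[i](p);
        if (v == NF_QUEUE)                       /* assumption: no handler means drop */
            v = queue_handler ? queue_handler(p) : NF_DROP;
        if (v != NF_ACCEPT) return NF_DROP;
        /* accepted: continue at the next hook, not from the start */
    }
    return NF_ACCEPT;
}

/* Hypothetical hooks and userspace policy for the demonstration. */
int hook_queue_low_ports(const struct pkt *p) { return p->dport < 1024 ? NF_QUEUE : NF_ACCEPT; }
int hook_later(const struct pkt *p) { (void)p; later_hook_calls++; return NF_ACCEPT; }
int user_policy(const struct pkt *p) { return p->dport == 23 ? NF_DROP : NF_ACCEPT; }

int decide(unsigned short dport) {
    const hook_fn chain[] = { hook_queue_low_ports, hook_later };
    struct pkt p = { dport };
    return run_hooks(chain, 2, &p);
}

int main(void) {
    register_queue_handler(user_policy);
    return decide(22) == NF_ACCEPT && decide(23) == NF_DROP ? 0 : 1;
}
```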