Hi again,

I have another question, if I use QUEUE, is there any way that I can pass a packet back to a chain after processing it? For example, I use libipq to receive a packet from the kernel (through the special QUEUE chain) and process the packet. After processing the packet, I do not want to ACCEPT or REJECT the packet, but pass it back to a different chain, for example INPUT. Can I do this?

Thanks,
Tung.

On Wed, Jul 9, 2008 at 8:54 PM, tung tran <tunghack@xxxxxxxxx> wrote:
> Hi Henrik,
> Thank you very much. I really appreciate your help.
> Tung.
>
> On Wed, Jul 9, 2008 at 7:06 PM, Henrik Nordstrom
> <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
>> On ons, 2008-07-09 at 18:41 -0500, tung tran wrote:
>>> Hi Jan,
>>> Thanks for your quick reply. Could you please give me some advice to
>>> accomplish the task? I need to pass the packet from kernel to a user
>>> space process to decide if the packet is accepted or denied.
>>
>> For that the existing NF_QUEUE mechanism should be used. If a hook
>> returns NF_QUEUE then the kernel suspends the packet and submits it to a
>> queue handler for querying the userspace. When the userspace responds
>> the packet is either rejected or allowed to continue processing at the
>> next hook handler.
>>
>> The normal ip_queue handler uses netlink to talk to userspace.
>>
>> There can only be one queue handler in the system.
>>
>> iptables has support for this via the QUEUE pseudo-target.
>>
>> Regards
>> Henrik
>>
>
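The verdict flow Henrik describes in the quoted reply, as an added example that is not part of the original thread and is not kernel code: a simplified user-space model in C of one hook point, where a hook returning NF_QUEUE suspends the packet and the userspace verdict either drops it or resumes at the next hook handler. The hook ids 10, 20, 30 and the names `struct pkt`, `iterate` and `reinject` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Verdict values as defined in <linux/netfilter.h>. */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_QUEUE = 3 };

#define MAX_TRACE 16
struct pkt { int trace[MAX_TRACE]; int ntrace; int suspended_at; };
typedef int (*hook_fn)(struct pkt *);

/* Constructed hook list for one hook point; ids 10, 20, 30 are made up. */
static int record(struct pkt *p, int id) {
    if (p->ntrace < MAX_TRACE) p->trace[p->ntrace++] = id;
    return NF_ACCEPT;
}
static int hook_a(struct pkt *p) { return record(p, 10); }
static int hook_queue(struct pkt *p) { record(p, 20); return NF_QUEUE; }
static int hook_c(struct pkt *p) { return record(p, 30); }

static hook_fn hooks[] = { hook_a, hook_queue, hook_c };
#define NHOOKS (sizeof hooks / sizeof hooks[0])

/* Run hooks starting at index `from`; stop on the first non-ACCEPT verdict. */
static int iterate(struct pkt *p, size_t from) {
    for (size_t i = from; i < NHOOKS; i++) {
        int v = hooks[i](p);
        if (v == NF_QUEUE) { p->suspended_at = (int)i; return NF_QUEUE; }
        if (v != NF_ACCEPT) return v;
    }
    return NF_ACCEPT;
}

/* Userspace answered: drop, or continue at the hook after the queuing one. */
static int reinject(struct pkt *p, int verdict) {
    if (p->suspended_at < 0) return NF_DROP;   /* model choice: nothing queued */
    size_t next = (size_t)p->suspended_at + 1;
    p->suspended_at = -1;
    return verdict == NF_ACCEPT ? iterate(p, next) : NF_DROP;
}

int main(void) {
    struct pkt p = { .ntrace = 0, .suspended_at = -1 };
    int v = iterate(&p, 0);                    /* suspends at hook 20 */
    if (v == NF_QUEUE) v = reinject(&p, NF_ACCEPT);
    for (int i = 0; i < p.ntrace; i++) printf("hook %d ran\n", p.trace[i]);
    printf("final verdict %d\n", v);
    return 0;
}
```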