Hi Netfilter folks,

Some questions on the netfilter interface in kernel space.

First, does netfilter provide a stream-like interface in kernel space, in addition to packets?

Second, if not, is there a way that netfilter provides packets of a TCP connection in the right order (maybe also duplicate-free)?

Third, if so, what would be the best place to put in TCP reassembly code to collect packets and present a stream-like interface? I used the NAT helper and CONNTRACK helper before, but I am not sure that is the right place to fulfill such a function.

Essentially we are doing a project that requires inspecting the contents of TCP connections. Our current approach requires a patch to the kernel TCP/IP stack, which isn't that convenient for end users. So we want to explore the idea of whether we could do it using Netfilter. But so far I haven't found such an interface in the Netfilter documentation.

I did read another open source project, Layer 7 Netfilter, http://l7-filter.sourceforge.net/, but since it also applies a patch to the kernel, it isn't exactly what we want, though it is a good place to start with.

Thanks for your attention.

Haibin