On Wednesday 2009-04-01 00:03, Haibin Wang wrote:
>
>First, Does netfilter provide a stream-like interface in kernel space,
>in addition to packets?

Even STREAMS is quite message-based and you need to collect
packets/messages before you can linearize them to form a stream of sorts.

>Second, if not, is there a way that netfilter provides packets of a
>TCP connection in right order (maybe also duplications free)?

No.

>Third, if so, what would be the best place to put in TCP reassembly
>code to collect packets and present a stream-like interface? I used
>NAT helper and CONNTRACK helper before, but not sure that is the right
>place to fulfill such a function.

A hypothetical tcp "defrag" or "ordering" module should be run after
nf_defrag_ipv4.

>Essentially we are doing a project that requires inspecting contents
>of TCP connections, our current approach requires patch to kernel
>TCP/IP stack, which isn't that convenient to end users. So we want to
>explore the idea whether we could do it using Netfilter. But so far I
>haven't found such an interface from Netfilter documentation.
>

You could be using libnetfilter_queue to do it in userspace instead.
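
The in-order, duplicate-free delivery asked about in this thread, as an added example that is not part of the original messages and not netfilter code: a per-connection reassembler of the kind a userspace program fed by libnetfilter_queue could run on each TCP payload. The names `reasm`, `reasm_init` and `reasm_feed`, the 4096-byte window and the keep-first-copy overlap policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIN 4096                 /* reorder window in bytes (assumed size) */
struct reasm {
    uint32_t next_seq;           /* next in-order sequence number expected */
    size_t   head;               /* ring slot that holds byte next_seq */
    uint8_t  data[WIN], have[WIN]; /* have[i] = 1 when slot i is buffered */
    unsigned conflicts;          /* overlapping bytes that differed from the first copy */
};

static void reasm_init(struct reasm *r, uint32_t first_seq)
{
    memset(r, 0, sizeof(*r));
    r->next_seq = first_seq;     /* normally the peer's ISN + 1 */
}

/* Buffer one segment's payload, then copy the newly contiguous bytes to out.
 * Returns the number of in-order bytes delivered by this call. */
static size_t reasm_feed(struct reasm *r, uint32_t seq, const uint8_t *p,
                         size_t len, uint8_t *out, size_t outcap)
{
    /* Signed 32-bit difference stays correct across sequence wraparound. */
    int64_t off = (int32_t)(seq - r->next_seq);
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        int64_t o = off + (int64_t)i;
        if (o < 0) continue;     /* already delivered: duplicate byte */
        if (o >= WIN) break;     /* beyond the window: not buffered */
        size_t slot = (r->head + (size_t)o) % WIN;
        if (r->have[slot]) {     /* overlap: keep the first copy, note mismatches */
            if (r->data[slot] != p[i]) r->conflicts++;
            continue;
        }
        r->data[slot] = p[i];
        r->have[slot] = 1;
    }
    while (n < outcap && r->have[r->head]) {  /* drain the contiguous prefix */
        out[n++] = r->data[r->head];
        r->have[r->head] = 0;
        r->head = (r->head + 1) % WIN;
        r->next_seq++;
    }
    return n;
}

int main(void) {                 /* constructed input: two segments, out of order */
    static struct reasm r; uint8_t out[16]; reasm_init(&r, 100);
    reasm_feed(&r, 103, (const uint8_t *)"def", 3, out, sizeof out);
    size_t n = reasm_feed(&r, 100, (const uint8_t *)"abc", 3, out, sizeof out);
    printf("%.*s conflicts=%u\n", (int)n, (char *)out, r.conflicts); return 0; }
```

A non-zero `conflicts` count means a retransmission carried different bytes than the copy already buffered, which a content inspector should treat as a reason to distrust the reassembled stream.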