Gérald Colangelo wrote:
> On Fri, Jun 19, 2009 at 03:52:54PM +0200, Pablo Neira Ayuso wrote:
>> Jan Engelhardt wrote:
>>
>> You still have to keep CAP_NET_ADMIN to make it. And you should get
>> EPERM when sending packets.
>
> Ok, I didn't know for the CAP_NET_ADMIN.
> But I didn't get EPERM, nfq_set_verdict just returned me a value more than
> 0... perhaps EPERM is stored in errno, but at least nfq_set_verdict() reports
> success.

You're right. We're sending the netlink message to kernel-space without
the NLM_F_ACK flag set, that's why we don't get any error reporting
back. I'm going to look into this.
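The mechanism discussed in the message above, as an added example that is not from the original message or from libnetfilter_queue: a request header that carries NLM_F_ACK, and a parser that turns the kernel's NLMSG_ERROR answer into an errno rather than relying on the positive value returned by the send path. The helper names (`fill_acked_request`, `sample_reply`, `ack_status`) are hypothetical and the sample reply is constructed.

```c
/* Added example, not libnetfilter_queue code; helper names are hypothetical. */
#include <errno.h>
#include <string.h>
#include <linux/netlink.h>

/* One NLMSG_ERROR message: netlink header followed by struct nlmsgerr. */
struct ack_msg { struct nlmsghdr hdr; struct nlmsgerr err; };

/* Request header that asks the kernel to answer with an ACK. */
static void fill_acked_request(struct nlmsghdr *nlh, unsigned short type,
                               unsigned int seq)
{
    memset(nlh, 0, sizeof(*nlh));
    nlh->nlmsg_len = NLMSG_LENGTH(0);
    nlh->nlmsg_type = type;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    nlh->nlmsg_seq = seq;
}

/* Constructed sample reply shaped like the kernel's answer to `req`:
 * error is 0 for an ACK or a negative errno such as -EPERM. */
static struct ack_msg sample_reply(const struct nlmsghdr *req, int error)
{
    struct ack_msg m;
    memset(&m, 0, sizeof(m));
    m.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
    m.hdr.nlmsg_type = NLMSG_ERROR;
    m.hdr.nlmsg_seq = req->nlmsg_seq;
    m.err.error = error;
    m.err.msg = *req;             /* the kernel echoes the request header */
    return m;
}

/* Scan a receive buffer for the answer to `seq`. Returns 0 on ACK, the
 * positive errno on rejection, -1 if the buffer holds no answer for seq. */
static int ack_status(const void *buf, size_t len, unsigned int seq)
{
    const struct nlmsghdr *nlh = buf;
    int rem = (int)len;
    for (; NLMSG_OK(nlh, rem); nlh = NLMSG_NEXT(nlh, rem)) {
        if (nlh->nlmsg_type != NLMSG_ERROR || nlh->nlmsg_seq != seq)
            continue;
        if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
            return -1;            /* truncated error payload */
        const struct nlmsgerr *e = NLMSG_DATA(nlh);
        return -e->error;
    }
    return -1;
}
```

A caller would pass the buffer filled by `recv()` on the netlink socket to `ack_status()` and treat any non-zero result as a failed verdict.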