Hi,

On Sunday 26 September 2010 at 07:53 +0200, Mistick Levi wrote:
> Hi,
> didn't get any reply on the users list.... Hope anyone here could help out.
>
>
> ---------- Forwarded message ----------
> From: Mistick Levi <gmistick@xxxxxxxxx>
> Date: Thu, Sep 23, 2010 at 4:12 PM
> Subject: TCP ack in libnetfilter_queue
> To: netfilter@xxxxxxxxxxxxxxx
>
>
> Hey,
>
> I wrote a filter using the libnetfilter_queue API, and I want to send
> messages to the queue in a specific way...
> I want to get the first packet after the TCP 3-way handshake is
> finished (meaning - only data!)..
>
> I tried using conntrack with "ESTABLISHED" status, but then I start
> getting messages to the queue from the last message of the
> handshake... (meaning the last ACK)... and I don't want that since it
> contains no data....

What about filtering on PSH, something like:

iptables XXXXX --tcp-flags PSH PSH -j NFQUEUE

Not really strict but it should work in most cases.

Or you can work on packet length, if it has data it is bigger:

iptables XXXXX --length 60:1500 -j NFQUEUE

BR,
--
Éric Leblond <eric@xxxxxx>
EdenWall, http://www.edenwall.com/
NuFW, http://www.nufw.org
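An added example, not code from this thread or from libnetfilter_queue: the complementary user-space check, done inside the NFQUEUE handler rather than in the iptables rule, so that empty segments such as the handshake's final ACK are recognised and passed through while only data-bearing segments reach the filter. It parses the IPv4 and TCP headers of a queued packet buffer (the bytes nfq_get_payload would hand back); the function names, the policy helper and the two sample packets are constructed for the example, and the wiring into the nfq callback is left out.

```c
#include <stddef.h>

/* Return the TCP payload length of a raw IPv4 packet buffer, or -1 if the
 * buffer is not a well-formed IPv4/TCP segment (short, truncated, not TCP). */
int tcp_payload_len(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;            /* IPv4 header length */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];          /* IPv4 total length  */
    if (ihl < 20 || tot < ihl || tot > len)
        return -1;
    if (pkt[9] != 6)                                      /* protocol != TCP    */
        return -1;
    if (tot - ihl < 20)
        return -1;
    const unsigned char *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;             /* TCP data offset    */
    if (doff < 20 || ihl + doff > tot)
        return -1;
    return (int)(tot - ihl - doff);
}

/* PSH is bit 3 of the TCP flags byte (TCP header offset 13). */
int tcp_has_psh(const unsigned char *pkt, size_t len)
{
    if (tcp_payload_len(pkt, len) < 0)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    return (pkt[ihl + 13] & 0x08) != 0;
}

/* Policy discussed in the thread: inspect only segments carrying data;
 * bare ACKs (payload 0) and malformed packets are not inspected. */
int wants_inspection(const unsigned char *pkt, size_t len)
{
    return tcp_payload_len(pkt, len) > 0;
}

/* Constructed samples (checksums zeroed): a bare ACK with no payload, and a
 * 5-byte PSH+ACK data segment, both 10.0.0.1:1234 -> 10.0.0.2:80. */
static const unsigned char k_ack[40] = {
    0x45,0x00,0x00,0x28, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,1, 0x50,0x10, 0xff,0xff, 0,0, 0,0 };
static const unsigned char k_data[45] = {
    0x45,0x00,0x00,0x2d, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,1, 0x50,0x18, 0xff,0xff, 0,0, 0,0,
    'h','e','l','l','o' };
```

A handler that returns NF_ACCEPT for packets where wants_inspection() is 0 gets the "data only" behaviour without relying on the PSH flag, which a sender is not obliged to set.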