Hi,

Thanks for the reply, I'll give it a go, but I was wondering if maybe a new FLAG should be added for the connection tracking, since I believe most people think that "ESTABLISHED" means after the 3-way handshake and the start of the session. Any ideas on why the "ESTABLISHED" state is on before the 3-way handshake is finished, or maybe there is another flag that would help?

Thanks in advance,
Yechiel Levi

2010/9/27 Eric Leblond <eric@xxxxxx>:
> Hi,
>
> Le dimanche 26 septembre 2010 à 07:53 +0200, Mistick Levi a écrit :
>> Hi,
>> I didn't get any reply on the users list. Hope anyone here could help out.
>>
>>
>> ---------- Forwarded message ----------
>> From: Mistick Levi <gmistick@xxxxxxxxx>
>> Date: Thu, Sep 23, 2010 at 4:12 PM
>> Subject: TCP ack in libnetfilter_queue
>> To: netfilter@xxxxxxxxxxxxxxx
>>
>>
>> Hey,
>>
>> I wrote a filter using the libnetfilter_queue API, and I want to send
>> messages to the queue in a specific way.
>> I want to get the first packet after the TCP 3-way handshake is
>> finished (meaning only data!).
>>
>> I tried using conntrack with "ESTABLISHED" status, but then I start
>> getting messages to the queue from the last message of the
>> handshake (meaning the last ACK), and I don't want that since it
>> contains no data.
>
> What about filtering on PSH, something like:
> iptables XXXXX --tcp-flags PSH,PSH -j NFQUEUE
> Not really strict but it should work in most cases.
> Or you can work on packet length, if it has data it is bigger:
> iptables XXXXX --length 60:1500 -j NFQUEUE
>
> BR,
> --
> Éric Leblond <eric@xxxxxx>
> EdenWall, http://www.edenwall.com/
> NuFW, http://www.nufw.org
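The two rules Eric proposes are heuristics for "this segment carries data", which is what the question is really after: netfilter's ESTABLISHED state only means that conntrack has seen packets in both directions, so it is already set once the SYN/ACK has passed, and the final ACK of the handshake (which has no payload) matches it. The following is an added example, not code from the thread or from the netfilter project. It parses a raw IPv4/TCP packet and applies three checks: Eric's PSH-flag rule, his `--length 60:1500` rule (which matches on the total IP length), and an exact payload-length check of the kind a libnetfilter_queue callback can perform once the packet is in userspace. The packets are constructed inline with dummy addresses and zeroed checksums; the helper names and the hypothetical `demo()` are this example's own.

```python
import struct

# TCP flag bits (RFC 793); only the ones used here
PSH = 0x08
ACK = 0x10

# A 12-byte TCP options block as commonly seen after the handshake:
# NOP, NOP, Timestamps (kind 8, len 10, TSval, TSecr). Constructed values.
TS_OPT = b"\x01\x01\x08\x0a" + struct.pack("!II", 100, 200)


def build_ipv4_tcp(flags, options=b"", payload=b""):
    """Build a minimal IPv4+TCP packet (constructed test input, checksums left at 0)."""
    assert len(options) % 4 == 0, "TCP options must pad to a 32-bit boundary"
    tcp_hdr_len = 20 + len(options)
    total_len = 20 + tcp_hdr_len + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),  # TEST-NET-1 dummy addresses
    )
    tcp_hdr = struct.pack(
        "!HHIIBBHHH",
        40000, 80, 1000, 2000, (tcp_hdr_len // 4) << 4, flags, 65535, 0, 0,
    )
    return ip_hdr + tcp_hdr + options + payload


def parse(packet):
    """Return IP total length, TCP flags and TCP payload length of a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    tcp = packet[ihl:total_len]
    data_offset = (tcp[12] >> 4) * 4  # TCP header length incl. options
    return {
        "ip_len": total_len,
        "flags": tcp[13],
        "payload_len": len(tcp) - data_offset,
    }


def matches_psh_rule(packet):
    """Equivalent of `--tcp-flags PSH,PSH`: PSH bit set."""
    return bool(parse(packet)["flags"] & PSH)


def matches_length_rule(packet, lo=60, hi=1500):
    """Equivalent of `--length 60:1500`: matches on the total IP length."""
    return lo <= parse(packet)["ip_len"] <= hi


def carries_data(packet):
    """Exact check a userspace queue handler can do: non-empty TCP payload."""
    return parse(packet)["payload_len"] > 0


# Constructed sample segments covering the cases discussed in the thread.
SAMPLES = {
    # last ACK of the handshake, no options: 20 + 20 = 40 bytes on the wire
    "handshake_ack": build_ipv4_tcp(ACK),
    # same, with timestamp options: 52 bytes, still under the 60-byte floor
    "handshake_ack_ts": build_ipv4_tcp(ACK, TS_OPT),
    # a short request with PSH set: 56 bytes, so the length rule misses it
    "small_request": build_ipv4_tcp(PSH | ACK, payload=b"GET / HTTP/1.1\r\n"),
    # a full-size segment in the middle of a transfer, PSH not set
    "bulk_segment": build_ipv4_tcp(ACK, TS_OPT, payload=b"A" * 1000),
}


def demo():
    """Evaluate every sample against the three checks; returns {name: (psh, length, data)}."""
    return {
        name: (matches_psh_rule(p), matches_length_rule(p), carries_data(p))
        for name, p in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (psh, length, data) in demo().items():
        print(f"{name:18s} psh={psh!s:5s} length={length!s:5s} data={data}")
```

Both iptables heuristics correctly drop the empty handshake ACK, with or without TCP options, but each has a gap the example makes visible: a short request under 60 bytes slips past the length rule, and a bulk segment without PSH slips past the flag rule. Only the payload-length check matches exactly what the original poster wants, which argues for queuing a little too much with iptables and discarding empty segments in the libnetfilter_queue callback.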