Hi all. I ran into problem while developing custom traffic filter; it is needed to change TCP options in some of connection packets (signing the transmission), and thereby tcp data offset is increased, network (sender size) starts to duplicate missing bytes (length - data offset increase). I guess there's two ways of solving this - 1) getting custom module to the place before SEQ/ACK are set for first packet and doing NFQUEUE work there 2) constantly changing SEQ/ACK for a whole connection using connmark. What else can be recommended and how may the NFQUEUE transparency be preserved whilst having SEQ/ACKs changed in a whole stream? Seen that those guys - http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables - had solved this somehow. -- cheers, Igor -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
