On Wed., Feb. 15, 2017 at 6:21, Fabian Franz
<s1410239008@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Dear Mr. Cochran,
> even if your document looks good, I am looking for some documentation
> related to nftables - iptables is NO option because I want to
> implement a kernel module for nftables doing that.
> The problem is that there is a wiki on how to use it, but there is no
> information on how to extend it:
> https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
From your description, "query a user space application, if the packet
is allowed" seems to be exactly nfqueue, which is already developed,
in the mainline kernel, and supported by nftables. The wiki you link to
has a page on it:
https://wiki.nftables.org/wiki-nftables/index.php/Queueing_to_userspace.
As you can also see in the link, there is a userspace library for it,
libnetfilter_queue, as well.
The question is maybe: do you want to solve a problem (in which case I
believe nfqueue could be a solution), or write a kernel module (in
which case, sorry to be useless, I don't know about any documentation
on the kernel side of netfilter)?
--
Anatole
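A worked example of the nfqueue approach described in the reply above, added here and not part of either message: an nftables `queue` rule hands matching packets to queue 0, and a userspace program returns an accept or drop verdict for each one. The nft rules in the docstring, the allowed-port policy, and the use of the python-netfilterqueue binding (a Python wrapper over libnetfilter_queue) are my assumptions, not anything from the thread.

```python
"""Userspace verdicts for packets queued by an nftables 'queue' rule.

Assumed (constructed) ruleset that sends inbound TCP/8080 to queue 0:
    nft add table inet filter
    nft add chain inet filter input '{ type filter hook input priority 0; }'
    nft add rule inet filter input tcp dport 8080 queue num 0
Assumes the python-netfilterqueue binding is installed (pip install NetfilterQueue).
"""
import struct

try:
    from netfilterqueue import NetfilterQueue  # only needed to attach to the kernel queue
except ImportError:  # lets decide() be exercised without the binding installed
    NetfilterQueue = None

# Constructed policy: only these TCP destination ports are accepted.
ALLOWED_TCP_DPORTS = {8080, 8443}


def parse_ipv4_tcp(payload: bytes):
    """Return (src, dst, sport, dport) for an IPv4/TCP packet, else None."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4          # IPv4 header length in bytes
    if payload[9] != 6 or len(payload) < ihl + 4:  # protocol 6 == TCP
        return None
    src = ".".join(str(b) for b in payload[12:16])
    dst = ".".join(str(b) for b in payload[16:20])
    sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
    return src, dst, sport, dport


def decide(payload: bytes) -> str:
    """The userspace policy consulted for every queued packet: 'accept' or 'drop'."""
    parsed = parse_ipv4_tcp(payload)
    if parsed is None:
        return "drop"  # fail closed on anything that is not parseable IPv4/TCP
    return "accept" if parsed[3] in ALLOWED_TCP_DPORTS else "drop"


def verdict_cb(pkt):
    """nfqueue callback: hand the verdict (NF_ACCEPT / NF_DROP) back to the kernel."""
    if decide(pkt.get_payload()) == "accept":
        pkt.accept()
    else:
        pkt.drop()


def run(queue_num: int = 0):
    """Bind to the queue number used in the nft rule and process packets until interrupted."""
    nfq = NetfilterQueue()
    nfq.bind(queue_num, verdict_cb)
    try:
        nfq.run()
    finally:
        nfq.unbind()
```

Packets the kernel queues but that no userspace program answers stay pending and are eventually dropped when the queue fills, so a crashed verdict process fails closed for that traffic.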