Re: Reinjecting packets using libipq


Hi again,

On Tue, Apr 20, 2004 at 02:25:19PM +0530, aksingh@xxxxxxxxxxx told us:
> 
> Hi Sven,
> 
>    Thanks for the reply, I will be a bit more specific with my question this
> time.
>    Suppose I am using netfilter hooks, and not iptables ---
> 
>    my PRE_ROUTING hook returns NF_QUEUE and the packet goes to the user
>    space, my user space program plays with the packet and then calls
>    ip_set_verdict with a verdict of NF_ACCEPT, in this case the packet
>    would continue its journey in the kernel from after the PRE_ROUTING hook
>    or would it again get caught by the PRE_ROUTING hook?

Well, like I said, when packets are reinjected (by nf_reinject) they 
continue traversal at the very next rule in your chain. When there's 
no rule left, the traversal of this chain should end. (Well, that's
what I read from the kernel source, so please anybody correct me if I'm
wrong :)

>    Also, I had another doubt, can we use libpq to reinject absolutely new
>    packets into the kernel at the ip level and make sure that they don't get
>    caught by our registered netfilter hooks? .. or if we cannot use libpq
>    then is some other way available (on the same system where we have the
>    PRE_ROUTING netfilter hook, we want to bypass this hook for certain
>    packets). The newly injected packets could either be outbound (going to the
>    wire) or inbound (they after going to ip will have to go up the stack to
>    tcp and all)

I recently read your new mail at the netfilter mailing list about 
(re)injecting new packets from userspace, but actually I don't think
that this would work (or at least it would be quite some work to
do), as you'd also have to build a completely new skb in your 
function which would call nf_reinject. Anyone else with more
knowledge on this one??

Another way of injecting packets to the kernel might be packet sockets,
don't know if that would be the right one for you. See man 7 packet.


HTH

Sven

> 
> thanks
> Amit
> 


-- 
Linux zion 2.6.6-rc1 #1 Sat Apr 17 11:50:12 CEST 2004 i686 athlon i386 GNU/Linux
 12:17:13  up 2 days, 19:14,  1 user,  load average: 4.20, 4.08, 2.82
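
The packet sockets Sven points to at the end of his reply (man 7 packet), as an added C example that is not part of the original mail: it builds an IPv4/UDP packet and hands it to an interface through an AF_PACKET socket. The function names, and the interface name and addresses a caller passes in, are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 one's-complement checksum over an even-length header. */
static uint16_t ip_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (uint16_t w; len > 1; len -= 2, p += 2) { memcpy(&w, p, 2); sum += w; }
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build IPv4 + UDP + payload in buf; returns total length, or 0 on bad input. */
size_t build_udp_packet(uint8_t *buf, size_t cap, const char *src, const char *dst,
                        uint16_t sport, uint16_t dport, const void *data, size_t dlen) {
    size_t total = sizeof(struct iphdr) + 8 + dlen;
    struct iphdr ip = {0};
    if (total > cap || total > 0xffff) return 0;
    ip.version = 4; ip.ihl = 5; ip.ttl = 64; ip.protocol = IPPROTO_UDP;
    ip.tot_len = htons((uint16_t)total);
    if (inet_pton(AF_INET, src, &ip.saddr) != 1 || inet_pton(AF_INET, dst, &ip.daddr) != 1) return 0;
    ip.check = ip_checksum((const uint8_t *)&ip, sizeof ip);
    uint16_t udp[4] = { htons(sport), htons(dport), htons((uint16_t)(8 + dlen)), 0 }; /* UDP checksum 0: optional over IPv4 */
    memcpy(buf, &ip, sizeof ip);
    memcpy(buf + sizeof ip, udp, sizeof udp);
    memcpy(buf + sizeof ip + sizeof udp, data, dlen);
    return total;
}

/* Send pkt out of ifname to next-hop MAC `mac` (6 bytes). Needs CAP_NET_RAW. 0 on success, -1 on error. */
int send_on_packet_socket(const char *ifname, const uint8_t *mac,
                          const uint8_t *pkt, size_t len) {
    struct sockaddr_ll ll = {0};
    ll.sll_family = AF_PACKET; ll.sll_protocol = htons(ETH_P_IP);
    ll.sll_ifindex = (int)if_nametoindex(ifname); ll.sll_halen = ETH_ALEN;
    memcpy(ll.sll_addr, mac, ETH_ALEN);
    if (ll.sll_ifindex == 0) return -1;            /* no such interface */
    int fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)); /* kernel adds the link-layer header */
    if (fd < 0) return -1;
    ssize_t n = sendto(fd, pkt, len, 0, (struct sockaddr *)&ll, sizeof ll);
    close(fd);
    return n == (ssize_t)len ? 0 : -1;
}
```

Frames sent on a packet socket go straight to the device's transmit queue, so the IP-layer netfilter hooks discussed in the thread do not see them, and they leave on the wire rather than travelling up the local stack.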
