Hi Amit,

On Wed, Apr 21, 2004 at 12:08:33PM +0530, aksingh@xxxxxxxxxxx told us:
>
> Hi All
>
> capture packets using the netfilter PRE_ROUTING(all packets coming from
> outside this machine would be captured here) and the NF_IP_LOCAL_OUT
> loop(all packets that are going out of my machine would be captured here).
> Then I do a bit of packet mangling in the user space by returning NF_QUEUE
> from these two hook functions, my user space process which gets the
> packets can do two things, it can either reinject the same into the kernel
> ... by setting the verdict in ip_set_verdict as NF_ACCEPT .... or it can
> generate(absolutely new packets) its own packets which it wants to send to
> the kernel. I use libnet to inject these new packets, my context in libnet
> is RAW. Now when these newly injected packets reach the ip( the ones that
> were reinjected .. using the ip_set_verdict call are handled fine ... no
> problems there), they are caught by my NF_IP_LOCAL_OUT hook and handed
> back to my user space application, I don't want this to happen. What can I
> do here to prevent this loop.

Maybe you could mark the packets in PREROUTING hook and in LOCAL OUT just hand
those packets to userspace without the mark??

HTH

Sven

>
> thanks
> Amit
>

--
Linux zion 2.6.6-rc1 #1 Sat Apr 17 11:50:12 CEST 2004 i686 athlon i386 GNU/Linux
10:02:33 up 14:51, 1 user, load average: 0.02, 0.05, 0.01
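Added example, not part of the original thread or of either poster's code: one variant of the mark idea above, in which the injecting process tags its own raw-socket packets so the LOCAL_OUT hook can recognise them and skip the queue. It assumes a kernel that supports SO_MARK (2.6.25 or later, so newer than the 2.6.6 in the signature); INJECT_MARK and both function names are hypothetical, and local_out_verdict() is a userspace model of the check the kernel hook would make.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef SO_MARK
#define SO_MARK 36            /* Linux asm-generic value */
#endif

#define INJECT_MARK 0x1u      /* hypothetical bit reserved for our injector */
/* Same numeric values as the kernel's NF_ACCEPT and NF_QUEUE. */
enum { VERDICT_ACCEPT = 1, VERDICT_QUEUE = 3 };

/* Userspace side: a raw socket whose packets all carry INJECT_MARK.
 * With libnet, apply the same setsockopt() to libnet_getfd(l).
 * Needs root (CAP_NET_RAW, CAP_NET_ADMIN); returns -1 on failure. */
int open_marked_raw_socket(void)
{
    uint32_t mark = INJECT_MARK;
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Model of the LOCAL_OUT hook's decision on the packet mark
 * (skb->mark in the kernel): marked packets came from our own
 * injector and pass straight through, everything else is queued. */
int local_out_verdict(uint32_t pkt_mark)
{
    return (pkt_mark & INJECT_MARK) ? VERDICT_ACCEPT : VERDICT_QUEUE;
}

int main(void)
{
    int fd = open_marked_raw_socket();
    if (fd < 0)
        perror("open_marked_raw_socket");
    else
        close(fd);
    printf("unmarked -> %d, injected -> %d\n",
           local_out_verdict(0), local_out_verdict(INJECT_MARK));
    return 0;
}
```

Testing a single bit rather than the whole mark value leaves the remaining mark bits free for other rules on the same host.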