On Tue, 20 Apr 2004, Christian Riechmann wrote: > is it possible to read - via ipq_read/ipq_get_packet - a UDP packetr > and after some changes to accept - via ipq_set_verdict with NF_ACCEPT and > shorter length - it as a TCP packet? Should be possible. > Here is what I wish to do: > For the transmission of IP packets (UDP, ICMP, TCP) between two hosts > I want to send these packets through a UDP tunnel. This is best accomplished using a virtual tunnel device for the packet transformations. This way the packet flow gets natural to netfilter with no risk of confusing conntrack, and MTU processing etc gets more natural... If you want to do the transformations in userspace then use a tun device. If you rewrite packets "in the middle of everything" then conntrack will get somewaht confused as the packets will look differently depending on the direction (conntrack will see forward traffic original, return traffic tunneled). Also, firewalling gets a bit odd. So I would not recommend using QUEUE for what you describe. Regards Henrik
