kernel space check on user-defined chains


 



Hi,

 I need to check the policy (NF_ACCEPT, NF_DROP, etc.) for an skb from
the prerouting hook by running it through a dynamically created
user-defined chain.

 The ipt_do_table() routine takes a hooknum (one of the pre-defined
hooks) but doesn't allow me to specify a user-defined chain name.

 The key part of the problem here is that I need to do this in kernel
space (without involving the user-space iptables program). For this, I
thought of setting a jump target to the user-defined chain from one of
the predefined chains and then running the skb through the predefined
chain, but that doesn't work since setting the jump target (again
directly using the do_ipt_set_ctl, do_ipt_get_ctl, etc.) involves
using mutex locks and that doesn't work in the prerouting hook (in the
softirq context).

 Can you suggest a good way of doing this?

Thanks.