Hi, Le samedi 01 décembre 2007 à 10:33 -0800, Gilad Benjamini a écrit : > Thanks. > If I wouldn't be missing the whole thing, I wouldn't have asked this question. > Your example implies that the packets need to be "injected" back into > the packet flow. > How is this done ? This is done by calling nfq_set_verdict or nfq_set_verdict_mark in userspace. kernel gives a id to the packet before sending it to userspace via [nf]netlink. It then waits for a [nf]netlink message from userspace which will tell them what to do with the packet identified by its id. As you may guess, the packet id is an argument of the verdict function. BR, -- Eric Leblond <eric@xxxxxx> INL
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
