Short question: Does anyone have example source code for user land handling of packets off of NFQUEUE in a bridged environment?

I believe that I've successfully created a bridged environment as follows:

============================
ifconfig eth0 promisc up
ifconfig eth0 promisc up
brctl addbr br0
brctl stp br0 off
brctl setbridgeprio br0 2
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 0.0.0.0
echo 1 > /proc/sys/net/ipv4/ip_forward
============================

Using the above configuration and connecting my box between two networks or a network and a client computer works great. Both sides work and the bridge appears transparent to them.

I try to handle packets in my userland application by sending them to an NFQUEUE using:

============================
sudo iptables -t mangle -A FORWARD -m physdev --physdev-in eth0 -j NFQUEUE --queue-num 0
sudo iptables -t mangle -A FORWARD -m physdev --physdev-in eth1 -j NFQUEUE --queue-num 0
============================

After I create the above two rules traffic no longer gets through the bridge, as I'd suspect since it must now be handled by someone reading from the NFQUEUE.

============================
sudo iptables -t mangle --list -v
============================

Shows packets reaching both physical devices.

My problem is I cannot get my application to get a notification that something is in the queue so it can be handled. I can post my source but a working skeleton example would get me there just as quickly without people debugging my code.

Version information:
bridge-utils v1.2
iptables v1.4.0
ebtables v2.0.8-1 (May 2007)
arptables v0.0.3-3

Thanks,
Mike Herms
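Added example, not part of the original post and not libnetfilter_queue code: a skeleton reader for the queue 0 used by the iptables rules above, speaking nfnetlink_queue over a raw netlink socket with only the Python standard library. It assumes a kernel recent enough that no separate per-protocol-family bind is needed; the function names (request, parse_packets, main) are made up for this sketch, and it accepts every packet it receives.

```python
import socket
import struct

NETLINK_NETFILTER, NLM_F_REQUEST, NLMSG_ERROR = 12, 1, 2    # <linux/netlink.h>
NFQ_PACKET, NFQ_VERDICT, NFQ_CONFIG = 0x300, 0x301, 0x302   # (NFNL_SUBSYS_QUEUE << 8) | NFQNL_MSG_*
NFQA_PACKET_HDR, NFQA_VERDICT_HDR, NFQA_PAYLOAD = 1, 2, 10
NFQA_CFG_CMD, NFQA_CFG_PARAMS = 1, 2
NFQNL_CFG_CMD_BIND, NFQNL_COPY_PACKET, NF_ACCEPT = 1, 2, 1

def request(mtype, queue, attr, payload):
    """One nfnetlink_queue request: nlmsghdr + nfgenmsg + a single attribute."""
    nla = struct.pack("=HH", 4 + len(payload), attr) + payload
    nla += b"\0" * (-len(nla) % 4)                        # attributes are 4-byte aligned
    body = struct.pack("!BBH", 0, 0, queue) + nla         # nfgenmsg: AF_UNSPEC, NFNETLINK_V0, queue
    return struct.pack("=IHHII", 16 + len(body), mtype, NLM_F_REQUEST, 0, 0) + body

def parse_packets(data):
    """Yield (packet_id, payload) for each NFQNL_MSG_PACKET in one received datagram."""
    off = 0
    while off + 20 <= len(data):
        length, mtype = struct.unpack_from("=IH", data, off)
        if length < 20 or off + length > len(data):
            break                                         # truncated or malformed message
        if mtype == NLMSG_ERROR:                          # e.g. EPERM when not run as root
            raise OSError(-struct.unpack_from("=i", data, off + 16)[0], "netlink error")
        attrs, pos, end = {}, off + 20, off + length
        while mtype == NFQ_PACKET and pos + 4 <= end:
            alen, atype = struct.unpack_from("=HH", data, pos)
            if alen < 4 or pos + alen > end:
                break
            attrs[atype & 0x3FFF] = data[pos + 4:pos + alen]
            pos += (alen + 3) & ~3
        if len(attrs.get(NFQA_PACKET_HDR, b"")) >= 4:
            yield struct.unpack_from("!I", attrs[NFQA_PACKET_HDR])[0], attrs.get(NFQA_PAYLOAD, b"")
        off += (length + 3) & ~3

def main(queue=0):                                        # run as root (CAP_NET_ADMIN)
    s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_NETFILTER)
    s.bind((0, 0))
    s.send(request(NFQ_CONFIG, queue, NFQA_CFG_CMD, struct.pack("!BxH", NFQNL_CFG_CMD_BIND, 0)))
    s.send(request(NFQ_CONFIG, queue, NFQA_CFG_PARAMS, struct.pack("!IB", 0xFFFF, NFQNL_COPY_PACKET)))
    while True:
        for pkt_id, payload in parse_packets(s.recv(1 << 17)):
            # Inspect payload here; a queued packet is held until it gets a verdict.
            s.send(request(NFQ_VERDICT, queue, NFQA_VERDICT_HDR, struct.pack("!II", NF_ACCEPT, pkt_id)))

if __name__ == "__main__":
    main()
```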