Eric Leblond wrote: > Hello, > > On Tuesday, 2008 July 22 at 17:02:14 -0700, Curtis Wyatt wrote: >> I am using ip_queue. I understand that is depreciated. >> >> I want to intercept a packet, alter it (change payload and source ip >> address and destination ip address) and then do an NF_ACCEPT on it, to >> have it continue on its way to another machine. However it never >> shows up at that other machine. Is there anyway to do this without >> doing an NF_DROP and then sending a new packet through? >> >> Will libnetfilter_queue do this for me? > > Yes, but you will have to compute the checksum of the modified packet by > yourself. > > Someone should send a patch which adds helper functions to ease that > task in a day or two. > >> I don't want to move to >> libnetfilter_queue because I can't find a redhat rpm and I can't find >> hardly any documentation on it. > > Compilation is not really difficult but lack of documentation is a real > problem. The only thing for now is too look at snort-inline or NuFW code > to see how to use the library. I remember that you have mentioned some libnetfilter_queue's documentation during the RMLL? I'm willing to include it if that helps users. Where is it? -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
