Packet manipulation in user space

Hello,

I'm working on a project which wants to port a Windows-based network
protocol to Linux. The protocol works as a VPN/firewall, on packets
copied from the data-link layer to user space. On MS Windows,
WinpkFilter(C) copies each packet from kernel space (data-link layer) to
user space and then drops the original packet. In user space, our
protocol performs some operations on the packet (e.g. checks the packet
authority and/or encrypts/decrypts it, ...) and then injects the
packet upward to the application layer or downward, or simply drops it.

So our requirements are:

- Capture each packet which is coming into or going out of the
  computer at the data-link layer.
- Create a copy of the packet and drop the original one.
- The copy of the packet must be available in user space to be
  manipulated by our protocol.
- After manipulation in user space, inject the encrypted/decrypted version
  of the privileged (copy of) packets to the network or upward to the
  application layer.

And of course we want to make the minimum changes to our
current protocol.

I tried raw sockets and netfilter netlink, but I didn't find a
suitable solution which lets me drop packets or inject them upward
to the application layer. I need to know if it is possible to do this
with libraries/interfaces currently available in user space, or should
I write a kernel module that does the above tasks for us?

Any guidance is appreciated.
Thanks in advance,

Hamid.