Hello.

I have been trying to get the netfilter queue working; everything is seemingly all right as long as I pass the entire packet to userspace (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xfffff)). It should be noted that I am testing this on nfqnl_test.c, which is found here: http://svn.netfilter.org/netfilter/trunk/libnetfilter_queue/utils/nfqnl_test.c

As long as I copy the entire packet to userspace, everything seems to be running smoothly; I can retrieve whatever I want from the packet. However, I do not want to pass the entire packet to userspace - I just need to check/modify the IP and/or TCP header and then pass the packet along.

When I try to use the NFQNL_COPY_META mode, the program fails. (I am testing this on the aforementioned nfqnl_test.c file with no modifications besides the META mode.) Apparently the nfq_get_payload() function always returns -1. I have tried searching for an answer, but almost everywhere I look, people are happy passing the entire packet. Does nfqnl_test.c need additional modifications in order to run in NFQNL_COPY_META mode, or what?

When using NFQNL_COPY_META mode, I still get some output from the queue (hw_protocol, hook, packet id etc.) but, as stated, nfq_get_payload() returns -1. I have not found anything on the official site stating that additional modifications are needed when running in META mode, but I might be overlooking something?

Another small question: I am a little unclear as to exactly what information is passed in META mode. As far as I can understand, the contents of the headers are passed to userspace, right? Meaning IP/TCP/HTTP... headers are passed but the payload is not?

I hope someone is able to help me get to the bottom of this.

Kind regards
Andreas