Hi,

On Monday 11 February 2013 at 12:47 +0800, Aaron Lewis wrote:
> Hi,
>
> Protocols like HTTP are segmented, so I must rebuild the whole
> incoming packet prior to modifying it.
>
> But with libnetfilter_queue, you receive one packet at a time, and you
> just either ACCEPT or do other actions.
>
> Do you think there's a way to let libnetfilter_queue buffer the packets
> before sending them to the userland program?
> So that in the callback I will see the whole packet.

You don't have to verdict one packet at a time. See again
https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/
for an explanation.

> Any ideas? Or other alternatives are welcome!

For HTTP, you will only be able to buffer and modify the packets in a
TCP window. So you will have HTTP messages that won't be handled by
this system.

A working solution could be to use a (maybe transparent) proxy to get
the whole request. Maybe you can use the TPROXY mechanism if you want
good transparency.

BR,
--
Eric Leblond
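Eric's two points, that you don't have to verdict one packet at a time and that buffering with nfqueue only works within a TCP window, as an added example in C (my code, not Eric Leblond's, the linked article's or the netfilter project's). The nfq callback hands each packet's id and TCP payload to a per-flow buffer and returns without a verdict; once the buffer holds a complete HTTP header block (terminated by `\r\n\r\n`), a policy decides and every held packet is verdicted by id, in order. If holding one more packet would exceed the sender's window, the buffer releases everything unseen, which is exactly the class of requests that cannot be handled with nfqueue alone. The real `nfq_set_verdict()` sits behind a function pointer so the block runs stand-alone without libnetfilter_queue; the packets, the policy (`block_evil_host`), the window sizes and the `MAX_*` limits are assumptions made up for the demo.

```c
/* Deferred verdicts for an nfqueue-based HTTP filter. Added example, not code
 * from Eric Leblond, the linked article or the netfilter project: the real
 * nfq_set_verdict() is behind a function pointer so this runs without
 * libnetfilter_queue, and the packets, window and MAX_* limits are made up. */
#include <stdint.h>
#include <string.h>

#define MAX_PENDING 64    /* assumption: packets held back per flow */
#define MAX_BODY    8192  /* assumption: bytes held back per flow */

enum reasm_status { REASM_HELD = 0, REASM_COMPLETE = 1, REASM_WINDOW_FULL = 2 };

/* Verdict for one held packet id; in a real program this wraps
 * nfq_set_verdict(qh, id, accept ? NF_ACCEPT : NF_DROP, 0, NULL). */
typedef void (*verdict_fn)(uint32_t id, int accept, void *ctx);
/* Policy run on a complete request header block: 1 = accept, 0 = drop. */
typedef int (*policy_fn)(const unsigned char *req, size_t len);

struct reasm {
    uint32_t ids[MAX_PENDING];   /* packet ids still awaiting a verdict */
    size_t nids;
    unsigned char buf[MAX_BODY]; /* their TCP payloads, in arrival order */
    size_t used;
    size_t window;               /* bytes we may hold before the sender stalls */
    verdict_fn verdict;
    policy_fn policy;
    void *ctx;
};

static int contains(const unsigned char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return 1;
    return 0;
}

void reasm_init(struct reasm *r, size_t window, verdict_fn v, policy_fn p, void *ctx)
{
    memset(r, 0, sizeof *r);
    r->window = window > MAX_BODY ? MAX_BODY : window;
    r->verdict = v;
    r->policy = p;
    r->ctx = ctx;
}

static void reasm_flush(struct reasm *r, int accept)
{
    for (size_t i = 0; i < r->nids; i++)
        r->verdict(r->ids[i], accept, r->ctx);
    r->nids = 0;
    r->used = 0;
}

/* Call from the nfq callback with the id from nfq_get_msg_packet_hdr() and the
 * TCP payload, then return from the callback without a verdict: the packet
 * stays queued in the kernel until reasm_flush() verdicts it by id. */
enum reasm_status reasm_push(struct reasm *r, uint32_t id,
                             const unsigned char *payload, size_t len)
{
    if (r->nids == MAX_PENDING || r->used + len > r->window) {
        /* Held packets never reach the receiver, so no ACKs go back and the
         * peer stops at its window: this request can never complete here.
         * Release everything unseen (the case Eric says nfqueue cannot
         * handle; a TPROXY proxy sees the whole request instead). */
        reasm_flush(r, 1);
        r->verdict(id, 1, r->ctx);
        return REASM_WINDOW_FULL;
    }
    r->ids[r->nids++] = id;
    memcpy(r->buf + r->used, payload, len);
    r->used += len;
    if (!contains(r->buf, r->used, "\r\n\r\n"))   /* header block not complete */
        return REASM_HELD;                         /* (request bodies not handled) */
    reasm_flush(r, r->policy(r->buf, r->used));
    return REASM_COMPLETE;
}

/* Demo harness: records verdicts instead of talking to the kernel. */
struct rec { uint32_t ids[16]; int accepts[16]; size_t n; };

static void record(uint32_t id, int accept, void *ctx)
{
    struct rec *rc = ctx;
    if (rc->n < 16) { rc->ids[rc->n] = id; rc->accepts[rc->n] = accept; rc->n++; }
}

static int block_evil_host(const unsigned char *req, size_t len)
{
    return !contains(req, len, "Host: evil");   /* made-up policy */
}

/* Feeds constructed packets as ids 1..n; returns the status of the last push. */
static enum reasm_status run_flow(const char **pkts, size_t n, size_t window, struct rec *out)
{
    struct reasm r;
    enum reasm_status st = REASM_HELD;
    memset(out, 0, sizeof *out);
    reasm_init(&r, window, record, block_evil_host, out);
    for (size_t i = 0; i < n; i++)
        st = reasm_push(&r, (uint32_t)(i + 1), (const unsigned char *)pkts[i], strlen(pkts[i]));
    return st;
}
```

Feeding `run_flow` the three constructed segments `"GET / HTTP/1.1\r\n"`, `"Host: example.com\r\n"`, `"\r\n"` with a 4096-byte window gives REASM_COMPLETE and three ACCEPT verdicts for ids 1, 2, 3; a request carrying `Host: evil.example` gets DROP for every held packet; with a 16-byte window the second segment cannot be held and both are released as REASM_WINDOW_FULL without the policy ever seeing the request. A real filter would also have to track sequence numbers and, if it rewrites a payload, fix TCP/IP lengths and checksums in the data handed back with the verdict; that is the complexity a TPROXY-based transparent proxy avoids by terminating the TCP stream and reading the whole request.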