Hello,

I am using libnetfilter_queue in C to capture packets. I am setting an iptables rule to queue the incoming packets that would later be processed by the userspace implementation, like this:

    iptables -A INPUT -j NFQUEUE --queue-num 0

I used the nfqnl_test.c example as a framework to implement the capture. Everything works as expected.

However, I noticed that it is impossible to inspect the queue at the level of IP fragments. That is, if a packet comes in fragments, it is first reassembled before being put into the queue. But I would like to work with fragments. So is there a way to enforce that kind of behavior? What I want to have is a queue where I could observe raw incoming packets (both fragmented and unfragmented) so I would be able to act on them accordingly.

I read that the reassembly indeed happens before. On the other hand, with iptables there is the -f flag available, so there should be a "fragmentation granularity", which is what I am looking for.

I also tried adjusting the iptables rules (e.g. iptables -t raw -D PREROUTING -i eth0 -j NFQUEUE --queue-num 0), but the result is still the same. I can only observe the already reassembled packet, which I definitely know arrives in fragments.

Any help is really appreciated.

Best regards,
Michael
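
A fragment check that could run on the payload a queue callback receives, added here as an example and not part of the original post: it reads the flags/fragment-offset field of the IPv4 header to tell a whole datagram from a first, middle or last fragment. The names classify_ipv4 and frag_info and the sample headers are constructed for illustration; the function only reports what the queue delivered and does not change where reassembly happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum frag_kind { FRAG_INVALID = -1, FRAG_NONE, FRAG_FIRST, FRAG_MIDDLE, FRAG_LAST };

struct frag_info {
    uint16_t id;        /* IP identification, shared by all fragments of a datagram */
    uint16_t offset;    /* fragment offset in bytes */
    int more_fragments; /* MF flag */
};

/* buf/len: raw IPv4 packet bytes, e.g. the buffer returned by nfq_get_payload(). */
enum frag_kind classify_ipv4(const uint8_t *buf, size_t len, struct frag_info *out)
{
    if (buf == NULL || len < 20 || (buf[0] >> 4) != 4)
        return FRAG_INVALID;                      /* too short or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return FRAG_INVALID;                      /* bad header length */

    uint16_t field = (uint16_t)((buf[6] << 8) | buf[7]); /* 3 flag bits + 13-bit offset */
    int mf = (field & 0x2000) != 0;
    uint16_t off = (uint16_t)((field & 0x1fff) * 8);      /* offset is in 8-byte units */
    if (out != NULL) {
        out->id = (uint16_t)((buf[4] << 8) | buf[5]);
        out->offset = off;
        out->more_fragments = mf;
    }
    if (off == 0)
        return mf ? FRAG_FIRST : FRAG_NONE;
    return mf ? FRAG_MIDDLE : FRAG_LAST;
}

/* Constructed sample headers (20 bytes, checksum zeroed); bytes 6-7 carry flags/offset. */
static const uint8_t HDR_WHOLE[20]  = {0x45,0,0,0x54, 0x12,0x34,0x40,0x00, 64,1,0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t HDR_FIRST[20]  = {0x45,0,5,0xdc, 0x12,0x34,0x20,0x00, 64,1,0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t HDR_MIDDLE[20] = {0x45,0,5,0xdc, 0x12,0x34,0x20,0xb9, 64,1,0,0, 10,0,0,1, 10,0,0,2};
static const uint8_t HDR_LAST[20]   = {0x45,0,0,0x40, 0x12,0x34,0x01,0x72, 64,1,0,0, 10,0,0,1, 10,0,0,2};

int main(void)
{
    const uint8_t *samples[] = {HDR_WHOLE, HDR_FIRST, HDR_MIDDLE, HDR_LAST};
    for (size_t i = 0; i < 4; i++) {
        struct frag_info fi;
        int kind = classify_ipv4(samples[i], 20, &fi);
        printf("id=0x%04x kind=%d offset=%u mf=%d\n", fi.id, kind, (unsigned)fi.offset, fi.more_fragments);
    }
    return 0;
}
```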