I _suspect_ that you need to turn off the reverse path filter
(rp_filter) and/or add routing table rules for your protocol number (99)
that say the packets for $IPADDRESS protocol 99 are to be sent out
$INTERFACE.
The reverse path filter is a simple check of "did this packet come in on
the interface I'd naturally use for a reply?"
This test is right for many, many problems but it will trip up creative
solutions to atypical problems.
On 4/10/19 11:50 AM, Kees-Jan Hermans wrote:
Hi,
I'd like to write a PoC for a userland IP network crypto using
libnetfilter_queue, where I mangle packets both from plaintext to
ciphertext (PT-to-CT), and vice versa (CT-to-PT). I have a process
that opens two queues (queue 0 is for CT-to-PT, queue 1 is PT-to-CT).
The IP_PROTO for CT packets is 99 (any private encryption scheme)...
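An added example (not from either message in this thread) of what the
reply's two suggestions look like as commands: relax rp_filter on the
interface that carries the ciphertext, steer IP protocol 99 bound for
$IPADDRESS out $INTERFACE through a dedicated routing table, and hand
the two traffic directions to NFQUEUE 0 (CT-to-PT) and 1 (PT-to-CT). It
assumes Linux with iproute2 4.17 or newer (the `ipproto` selector in
`ip rule`), nft, and root to apply anything; the table number (99),
rule priority (100), table name (ipcrypt) and the DRY_RUN switch are
choices made here, not anything the thread specifies. With DRY_RUN=1 it
prints the plan instead of executing it, so it can be reviewed without
root.

```shell
#!/bin/sh
# Added example for the rp_filter / policy-routing advice above; not code
# from the thread. Table, priority and nft table name are assumptions.
PROTO=99      # IP protocol number carrying the ciphertext
TABLE=99      # routing table used only for protocol-99 traffic (assumed)
PRIO=100      # ip rule priority (assumed)

# Execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rp_filter: 0 = off, 1 = strict, 2 = loose. The kernel applies
# max(conf/all, conf/<iface>), so "all" has to be lowered as well or the
# per-interface setting has no effect.
set_rp_filter() {
    iface=$1; mode=${2:-2}
    run sysctl -w "net.ipv4.conf.all.rp_filter=$mode"
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=$mode"
}

# Policy routing: packets to $ipaddr with IP protocol 99 consult table 99,
# which sends them out $iface regardless of the main table's choice.
add_proto_route() {
    ipaddr=$1; iface=$2
    run ip rule add to "$ipaddr" ipproto "$PROTO" lookup "$TABLE" priority "$PRIO"
    run ip route add "$ipaddr" dev "$iface" table "$TABLE"
}

# Queue plumbing: ciphertext (protocol 99) from the peer -> queue 0
# (CT-to-PT); anything else leaving for the peer -> queue 1 (PT-to-CT).
# The "!= 99" on the output side keeps the re-injected ciphertext from
# being queued a second time.
add_queue_rules() {
    ipaddr=$1
    run nft add table inet ipcrypt
    run nft add chain inet ipcrypt input  '{ type filter hook input priority 0; }'
    run nft add chain inet ipcrypt output '{ type filter hook output priority 0; }'
    run nft add rule inet ipcrypt input  ip saddr "$ipaddr" ip protocol "$PROTO" queue num 0
    run nft add rule inet ipcrypt output ip daddr "$ipaddr" ip protocol != "$PROTO" queue num 1
}

# Whole plan for one peer: rp_filter, routing, then the queues.
plan() {
    set_rp_filter "$2" 2
    add_proto_route "$1" "$2"
    add_queue_rules "$1"
}

# Usage: IPADDRESS=192.0.2.10 INTERFACE=eth1 DRY_RUN=1 sh ipcrypt-route.sh
# (drop DRY_RUN=1 and run as root to apply). Nothing runs when the two
# variables are unset, so the file can also be sourced for its functions.
if [ -n "${IPADDRESS:-}" ] && [ -n "${INTERFACE:-}" ]; then
    plan "$IPADDRESS" "$INTERFACE"
fi
```

Loose mode (2) is usually enough here: it only asks that *some* route
to the source exists, rather than that the reply would leave by the
same interface the packet came in on. Start with 2 and drop to 0 only
if the decrypted traffic still gets dropped; `nstat -az TcpExtIPReversePathFilter`
shows whether rp_filter is the thing discarding packets.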