On Mon, 2005-11-14 at 14:58 +0000, JP Beaudry wrote:
> >can you post the URL to the sourcecode of this animal?
>
> I'm afraid all I can do is cut n'paste the relevant sections below.

oh well; I'll assume that you're a good boy and whatever you're doing is GPL licensed anyway (as the kernel license requires). If not you need really good/expensive lawyers ;)

>
> >to be honest I wonder why they sort of seem to duplicate firewall rules,
> >and aren't using the firewall engine which provides hooks in all the
> >right places...
>
> That's a very good question. I'll try to an answer on that.

...

>
> >also you really shouldn't call setsockopt() in the kernel, it highly
> >depends on the arguments being in userspace....
>
> Right, I figured that much. So how can I do the equivalent in kernel space?

it really depends on what you do

> Hopefully this makes some sense.

to me it still sounds like you should be using the netfilter hooks for that, and create a netfilter module for what you want to do.

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/