ip6tables queueing target support?

Brad Chapman kakadu_croc@yahoo.com
Mon, 29 Oct 2001 12:51:30 -0800 (PST) 

Mr. He,

--- Yu He <yuhe@usc.edu> wrote:
> Hi.
> 
> I am now doing work at a program that tries to manipulate ipv6 packets.
> The idea is to use ip6tables with QUEUE as a target. Then the matched
> ipv6 packets should be read to the user space for further processing.
> 
> For example:
> 
> %ip6tables -A OUTPUT -j QUEUE
> 
> %ip6tables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> QUEUE      all      anywhere             anywhere    
> 
> Then, I sent a couple of raw ipv6 packets.
> 
> %ip6tables -L -v
> Chain INPUT (policy ACCEPT 1237 packets, 119K bytes)
>  pkts bytes target     prot opt in     out     source               destination   
>      
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination   
>      
> 
> Chain OUTPUT (policy ACCEPT 47 packets, 3870 bytes)
>  pkts bytes target     prot opt in     out     source               destination   
>      
>     2   108 QUEUE      all      any    any     anywhere             anywhere   
> 
> From the above, the sent packets got matched and should be queued somewhere.
> 
> However, the libipq call ipq_read() would never return such "queued" packet.
> These calls work for ipv4 queued packets though.
> 
> I installed iptables-1.2.3-2.i386.rpm and iptables-ipv6-1.2.3-2.i386.rpm in
> a Linux 7.1 box.
> 
> I guess that there should be another set of libary calls specific to ipv6 
> queued packets. But I can't find such ones anywhere in the iptables-1.2.3
> packet. Can you tell me if the ipv6 queue has been supported yet? and how
> to get the ipv6 queueed packets if it is suported?

	Actually, the libipq library itself is protocol-independent, just not
module-independent. I have some stuff laying around that allows you to specify
whether you want to talk to the IPv4 or IPv6 queue module, but it's highly
unstable, and I think I lost it too :(
	If you MUST have this, I'll write a patch and mail it to you sometime
this week, unless James Morris beats me to it ;)

> 
> Thanks a lot for youe time.
> 
> 
> Reagards,
> 
> --Yu 
> 

Brad


=====
Brad Chapman

Permanent e-mail: kakadu_croc@yahoo.com
Current e-mail: kakadu@adelphia.net
Alternate e-mail: kakadu@netscape.net

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com