information

[Muhammad R. Sami]

Yes, I mean to say the verdict. Now I am a bit confused. Is not the verdict
enough to tell the kernel what to do with the packets? If yes, then it does
not work with me more than once. 

Muhammad R. Sami 
Research Assistant, 
Computer Engineering Department 
P.O.Box 354 
King Fahd University of Petroleum & Minerals 
Dhahran 31261 
Saudi Arabia. 
Tel: +96638601423 
Cell: +96657982951 
www.ccse.kfupm.edu.sa/sami

-----Original Message-----
From: netfilter-devel-admin@lists.netfilter.org
[mailto:netfilter-devel-admin@lists.netfilter.org] On Behalf Of Henrik
Nordstrom
Sent: Saturday, July 03, 2004 4:08 AM
To: Muhammad R. Sami
Cc: 'Babar Qaisrani'; Netfilter List
Subject: RE: information

On Fri, 2 Jul 2004, Muhammad R. Sami wrote:

> I got the libipq/QUEUE part working but the problem is that it only works
> for the first time. For example, if I want to drop all icmp packets, it
> will, but if I change the nfmark from drop to accept and then recompile my
> libipq program, it does not work and the dropping policy is maintained.
Same
> for the other way around. 

Please explain what you refer to by "change the nfmark from drop to 
accept".


nfmark does not have a concept of drop/accept, just value.



Is you perhaps speaking about the verdict set by the userspace telling if
the packet should be accepted (passed on to next hook) or dropped? This is
just a verdict and not related to nfmark.

Regards
Henrik