forming queues in netfilter
Albert K T Hui
avatar@deva.net
Tue, 30 Nov 1999 13:34:53 +0800
In article <19991130145353.A21650@dynamite.com.au> you wrote:
> 1) Is there anyway to tell netfilter: match succeeded and packet was
> eaten? eaten as a target?
verdict = ((struct nfdev_verdict) { NF_STOLEN ...
> 2) How to inject the packet?
I am using ethertap for it.
/* first you set up a netlink socket */
fd = socket(PF_NETLINK, SOCK_RAW,
NETLINK_TAPBASE + 0 /* use tap0 */ );
struct sockadd_nl nl;
memset(&nl, 0, sizeof(nl));
nl.nl_family = PF_NETLINK;
nl.nl_groups = ~0U;
bind(fd, (struct sockaddr *)&nl, sizeof(nl));
/* then you get a padded ethernet header */
struct taphdr {
u_int16_t pad;
#if defined(__GLIBC__) && __GLIBC__ == 2
struct ether_header ethhdr;
#else
struct ethhdr ethhdr;
#endif
unsigned char payload[65536];
} buf;
/* fill in the payload part with your ip packet */
memcpy(buf.payload, my_ip_packet, my_ip_packet_len);
write(fd, &buf, 16 + my_ip_packet_len);
--
Albert K T Hui