libipq API documentation
Drori Ghiora
drori@edrori.com
Mon, 20 Nov 2000 19:44:01 +0000
To see what you want working:
cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co netfilter
Then
cd userspace
gmake
Then:
(assuming you have a 2.4 kernel with the corect modules compiled.
# modprobe iptable_filter
# modprobe ip_queue
# iptables -A OUTPUT -p icmp -j QUEUE
or
# iptables -D OUTPUT -p ip -j QUEUE ( All ip packets)
# iptables -D OUTPUT -p icmp -j QUEUE (To remove the rule later)
# iptables -L (To list the rules)
With the above rules, locally generated outgoing ICMP packets (as
created with,
say, ping) are passed to the ip_queue module, which then attempts to
deliver
the packets to a userspace application. If no userspace application is
waiting, the packets are dropped.
To write a userspace application, use the libipq API. This is
distributed with iptables. Example code may be found in the testsuite
tools intercept.c
To see the packets:
cd /SRCS/Security/netfilter/testsuite/tools
You must run the follwing as root or it exists with:
NLMSG_ERROR
./intercept LOCAL_OUT ACCEPT 1000 1000 src=192.168.1.5
./intercept LOCAL_OUT ACCEPT 1000 1000 src=212.179.15.113
P.S
I suggest someone add the following change to intercept.c line 201
case NLMSG_ERROR:
fprintf(stderr, "Are you root? Received error message %d\n",
ipq_get_msgerr(packet));
exit(1);