Stealing IP packet in kernel space and reinjecting later

Brad Chapman kakadu_croc@yahoo.com
Sat, 11 Aug 2001 14:38:37 -0700 (PDT)


--- Herve Masson <herve@mindstep.com> wrote:
> Hi all,
> 
> I've a kernel piece of code that needs to hold a few IP packets for a while
> and reinject them back from where they were stolen. I use the netfilter
> queuing mechanism to do that (the capture hook code returns NF_STOLEN verdict,
> and I use nf_reinject() to continue the normal processing).
> 
> My problem is that when doing so, my queue handler prevents the use of
> 'ip_queue' module.
> 
> My question is: is there another mechanism that has the same
> purpose without monopolizing the PF_INET queue handler?
> 
> Thanks
> Hervé Masson
> 

Mr. Masson,

	Unfortunately, no. The current netfilter queue registration
mechanism only allows one registrar for one protocol. Thus, you would either
have to use ip_queue and just hold the packet in userspace, which is almost
better because it can be swapped ;-), or hack net/core/netfilter.c to allow
multiple registrars for a PF_ family. BTW would this be a good feature,
Mr. Morris?

Brad


=====
Brad Chapman

Permanent e-mail: kakadu_croc@yahoo.com
Current e-mail: kakadu@adelphia.net

Reply to the address I used in the message to you,
please!
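
The one-registrar-per-protocol limit described in the reply, as an added example that is not part of the original thread and not kernel code: a userspace C model of a single-slot handler table with a hold-and-release queue. All names (model_register_queue_handler, model_queue, hold_packet, release_held), the table size, and the -EBUSY, -ENOENT and -ENOSPC return values are assumptions of this model.

```c
/* Userspace model of a single-slot handler table; constructed, not kernel code. */
#include <errno.h>
#include <stddef.h>

#define MODEL_NPROTO  32  /* table size (model value) */
#define MODEL_PF_INET 2   /* numeric value of PF_INET on Linux */
#define HOLD_MAX      8   /* capacity of the hold queue (model value) */
typedef int (*queue_outfn_t)(int pkt_id, void *data);
static struct { queue_outfn_t outfn; void *data; } queue_handler[MODEL_NPROTO];

/* One slot per protocol family: a second registrar is refused. */
int model_register_queue_handler(int pf, queue_outfn_t outfn, void *data) {
    if (pf < 0 || pf >= MODEL_NPROTO || outfn == NULL) return -EINVAL;
    if (queue_handler[pf].outfn != NULL) return -EBUSY;
    queue_handler[pf].outfn = outfn;
    queue_handler[pf].data = data;
    return 0;
}

/* Hand a packet to whichever handler owns the family's slot. */
int model_queue(int pf, int pkt_id) {
    if (pf < 0 || pf >= MODEL_NPROTO || queue_handler[pf].outfn == NULL) return -ENOENT;
    return queue_handler[pf].outfn(pkt_id, queue_handler[pf].data);
}

struct hold_queue { int ids[HOLD_MAX]; size_t len; };
/* Handler: keep the packet for later; refuse it when the queue is full. */
int hold_packet(int pkt_id, void *data) {
    struct hold_queue *q = data;
    if (q->len == HOLD_MAX) return -ENOSPC;
    q->ids[q->len++] = pkt_id;
    return 0;
}

/* Release up to out_cap held packets in arrival order; returns the count. */
size_t release_held(struct hold_queue *q, int *out, size_t out_cap) {
    size_t n = q->len < out_cap ? q->len : out_cap, i;
    for (i = 0; i < n; i++) out[i] = q->ids[i];
    for (i = n; i < q->len; i++) q->ids[i - n] = q->ids[i];
    q->len -= n;
    return n;
}

int main(void) {
    struct hold_queue q = { {0}, 0 };
    int out[HOLD_MAX];
    if (model_register_queue_handler(MODEL_PF_INET, hold_packet, &q) != 0) return 1;
    if (model_queue(MODEL_PF_INET, 101) != 0) return 1;
    return release_held(&q, out, HOLD_MAX) == 1 ? 0 : 1;
}
```

In the model, the second registrar for MODEL_PF_INET is the one that fails, which is the position ip_queue is in once another handler already holds the PF_INET slot.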
