Hi, ====Mulyadi Santosa message====== Just trying to clear up some doubts: 1. Which chain(?) do you use ? pre routing? post routing?
2. How do you inject the packet back to the kernel? =====end==== I am using the IP_FORWARD chain to capture the packet. To insert the packet back into the ip stack, I am using ipq_set_verdict() mechanism provided by the ip_queue module. Can any body tell/guide me how can I intercept the packet at PRE_ROUTING stage. Any sample program/code snippet will be really useful. -- Thanks & Regards, Gaurav Aggarwal On 9/18/07, Mulyadi Santosa <[EMAIL PROTECTED]> wrote: > > Hi... > > Hi, > > > > I'm using ip_tables and ip_queue modules to trap the packets from IP > stack > > to a userspace VPN product, using nothing but standard kernel modules > (and > > my own VPN proxy app). The packets flowing into or out of the machine > get > > diverted to a userspace application (actually a VPN client), where > src/dest > > addresses are modified if needed, and then injected back into the local > IP > > stack. > > > > Just trying to clear up some doubts: > 1. Which chain(?) do you use ? pre routing? post routing? > > 2. How do you inject the packet back to the kernel? > > My raw hypothese: there is a chance you put back the packet into > postrouting chain. The network stack realize it, but since it's already > queued for outer destination, it gave you the error message instead. > > regards, > > Mulyadi > -- Regards, Gaurav Aggarwal
