> > What I'm trying is to to make hand crafted "filter" which would allow some
> > packages trough and other would be dropped to ground for the reason that I
> > don't get skb->list to "handle_packet" function it'd seem that this is not
> > possible in linux? Is there any way around this.
> Wrong place to hook into. Hook into the firewall modules instead
Yes I thought of this at first but when it seemed that it would not work
also in 2.0.x series I didn't look much to this.
But if there is no way of dropping packages in implementation that I have
been doing (except modifying IP destinations (skb->data[26-33]) to
something weird ;) ) it would seem that I'd have to try this ipchains
method.
I did try kfree(skb); but it wasn't much of a surprise when machine
crashed (ie. freed package that was still on queue :))
with bit of a digging also found function inet_add_protocol() which
probably could also be used(?) but it seems that it is affecting only IP
traffic :(.
What little I have so far understood about firewall chains is that when I
make the module it needs in initialization to register new chain.
"register_firewall(PF_(PACKET,INET?),&ipfw_ops)"
Would it then be neccesary use ipchains program in (l)user space so that
ALL net traffic would go trough this module?
Just trying to find a way to put all net traffic trough a function(s) that
would totally mess the packets up (send on,modify them,drop em,send em
back,etc) and in a way that it'd work in 2.0 and 2.2 (hopefully 2.4 no
major net changes there?).
Regards
--
Janne P�nk�l�
echo [EMAIL PROTECTED] | tr acefhiklnptu utpnlkihfeca
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
