Hi Paul,
        I'm still not sure why you wanted to automate such a process at kernel level.
But it's really an interesting thought. Yes, it took a little long to move
on your problem, but I have hope of achieving this. You know I too usually
take interest in such adventures, so I took you personally ;-)
        Anyway, from your description I'd define your goal as "Making System Calls
from Kernel Space". I got this idea from the khttpd module of the kernel, and I found
the same deal on the Internet on the website of a very popular Linux identity,
"Alessandro Rubini". Just go through his guide at the link
http://www.linux.it/kerneldocs/ksys/ksys.html.

>> 2.- Can I use libiptc or another lib or *.h to manipulate the packet and
>> compare it with a file of IPs and let it go to the QUEUE without the scripts
>> below, for example:
>> iptables -I FORWARD -j QUEUE or
>> iptables -t mangle -I PREROUTING -j QUEUE
        To achieve this you need to write your own "Target" for netfilter, like
ACCEPT, REJECT, ... Easiest is to look into the target "TOS".

>> 3.- Why use the table "mangle" to send the packet to the QUEUE in
>> PREROUTING? Is catching the packet faster than using the QUEUE in
>> the table "filter" in FORWARD?
        It depends on which traffic you want to intercept. If you implement QUEUE
in FORWARD then you will miss all those packets which are intended for the host. Just
a silly question here: do you have a clear idea of how a packet travels through the
netfilter code? Which chains are traversed and in which order? Don't get
annoyed, but from your "see the comments...Step Table Chain Comment... " I can
say that you have little idea at least ;-).

>> 4.- In the HOWTO hacking-netfilter I read about some functionality using KERNEL
>> functions to add rules. I read this, but how can I do it?
        It would be nice if you snapped that part of the documentation into this mail.

-- Sumit


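To make the point in answer 3 concrete, here is an added example (not from this thread) that models the order in which an inbound packet visits the netfilter tables and chains, and checks where each of the two iptables commands quoted above would first queue a host-bound versus a forwarded packet. The model is deliberately simplified: it assumes the box owns 192.0.2.1 (constructed), and it ignores the raw and security tables, NAT rewriting and locally generated traffic.

```python
# Simplified model of an inbound IPv4 packet's walk through netfilter
# tables/chains. Added example, not from the mail thread. Assumptions:
# no raw/security tables, no NAT rewriting, no locally generated traffic.
from typing import List, Optional, Tuple

HOST_IPS = {"192.0.2.1"}  # constructed: addresses owned by this box

# (table, chain) pairs in the order an inbound packet visits them.
PREROUTING = [("mangle", "PREROUTING"), ("nat", "PREROUTING")]
LOCAL_IN = [("mangle", "INPUT"), ("filter", "INPUT")]
FORWARD = [("mangle", "FORWARD"), ("filter", "FORWARD"),
           ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
TERMINAL = ("QUEUE", "DROP", "REJECT")  # targets that end the walk here

Rule = Tuple[str, str, str]  # (table, chain, target)

def rule_from_iptables(cmd: str) -> Rule:
    """Pull table/chain/target out of a bare iptables command such as
    'iptables -t mangle -I PREROUTING -j QUEUE' (no match options)."""
    argv = cmd.split()
    table, chain, target = "filter", None, None
    for i, tok in enumerate(argv[:-1]):
        if tok == "-t":
            table = argv[i + 1]
        elif tok in ("-I", "-A"):
            chain = argv[i + 1]
        elif tok == "-j":
            target = argv[i + 1]
    if chain is None or target is None:
        raise ValueError("need a chain (-I/-A) and a target (-j)")
    return (table, chain, target)

def traversal(dst: str) -> List[Tuple[str, str]]:
    """The routing decision after PREROUTING picks INPUT or FORWARD."""
    return PREROUTING + (LOCAL_IN if dst in HOST_IPS else FORWARD)

def first_hit(dst: str, rules: List[Rule]) -> Optional[Rule]:
    """First terminating rule met by a packet to dst, or None if it is
    never queued/dropped (e.g. host-bound traffic with QUEUE only in FORWARD)."""
    for table, chain in traversal(dst):
        for rule in rules:
            if rule[:2] == (table, chain) and rule[2] in TERMINAL:
                return rule
    return None

if __name__ == "__main__":
    for cmd in ("iptables -I FORWARD -j QUEUE",
                "iptables -t mangle -I PREROUTING -j QUEUE"):
        for dst in ("192.0.2.1", "198.51.100.7"):  # to host / forwarded
            print(cmd, "->", dst, first_hit(dst, [rule_from_iptables(cmd)]))
```

Running it shows the FORWARD rule never sees the packet addressed to the host itself, while the mangle/PREROUTING rule catches both kinds before the routing decision is made.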