I am currently trying to grab multicast packets off one ethernet interface, 
do some processing on them, and then pass them out another different 
interface.  Thus I was wondering what functionality exists in
netfilter/iptables to accomplish this (any insight also appreciated).

Graphically (dual homed machine)
MC Traffic ==>  eth0
                do some stuff
                based on data
                if okay then
                        eth1  ==> same MC Traffic
                else drop it

I want to retain the header information as well and the main problem I see 
right now is that if I try to use the QUEUE target to get packets I don't 
seem to be able to specify the outgoing interface (i.e. sendto / sendmsg seem 
to just accept or send out the same interface (eth0)).  I am trying to find 
the least intrusive way to do this (such that when I make changes I will not 
have to recompile the kernel or make sure changes will not invalidate 
previously unmodified and working parts).  In terms of solutions I have 
looked at possibly:

Playing with the TTL field (maybe with the TTL extension, which I currently 
cannot get loaded) and then grabbing the packets off OUTPUT (with QUEUE on 
eth1),

Creating a new hook to get the sk_buff and then modifying it (the dev fields 
and such) without breaking the iptables stuff (and figuring out how to 
correctly nf_reinject it with NF_STOLEN?)

Using sockets to somehow get the sk_buff or some data that allows me to
specify the device (or then plod through socket data, copy/change, and then 
somehow rebind with SO_BINDTODEVICE)

Any answers, insight, or solutions are greatly appreciated.

------------
Robert Joyce

