Hello, I am currently trying to grab multicast packets off one ethernet interface, do some processing on them, and then pass them out another different interface. Thus I was wondering what functionality exists in netfilter/iptables to accomplish this (any insight also appreciated).
Graphically (dual homed machine):

    MC Traffic ==> eth0
                   do some stuff based on data
                   if okay then eth1 ==> same MC Traffic
                   else drop it

I want to retain the header information as well, and the main problem I see right now is that if I try to use the QUEUE target to get packets I don't seem to be able to specify the outgoing interface (i.e. sendto / sendmsg seem to just accept or send out the same interface (eth0)). I am trying to find the least intrusive way to do this (such that when I make changes I will not have to recompile the kernel or make sure changes will not invalidate previously unmodified and working parts).

In terms of solutions I have looked at possibly:

  - Playing with the TTL field (maybe with the TTL extension, which I currently cannot get recognized) and then grabbing the packets off OUTPUT (with QUEUE on eth1)
  - Creating a new hook to get the sk_buff and then modifying it (the dev fields and such) without breaking the iptables stuff (and figuring out how to correctly nf_reinject it with NF_STOLEN?)
  - Using sockets to somehow get the sk_buff or some data that allows me to specify the device (or then plod through socket data, copy/change, and then somehow rebind with SO_BINDTODEVICE)

Does the QUEUE target by itself provide the ability to change and specify the outgoing device for a given packet?

Any answers, insight, or solutions are greatly appreciated, and thanks in advance.

------------
Robert Joyce