Talkback for article: 367, February 2005

Writing your own netfilter match

Back to: http://cgi.linuxfocus.org/English/February2005/article367.shtml

From: Anush [ date: 2005-03-24 ]
Thanks for the nice step-by-step write-up on this sparse area of netfilter module extension.
From: Nicolas [ date: 2005-04-07 ]
Thanks Anush for your comment, it's really appreciated :)
From: Hadrien [ date: 2005-04-11 ]
Great tutorial, thanks a lot! BTW, do you know how to develop a module independently from netfilter? A kernel module can be built separately from the kernel, a shared library can be built alone... but I found no way to develop a netfilter module without compiling all the netfilter stuff (I've got a problem with _init() function...). It would help me a lot if you had a solution!
From: Wolfman's Brother [ date: 2005-05-06 ]
Or .. you can write match modules using the ROPE scripting language. No need for C programming at all. See: http://www.lowth.com/rope

From: Syncros <charles.michaud(at)gmail.com> [ date: 2005-06-11 ]
acidfu, you're a real beast!
From: Alexei [ date: 2005-07-18 ]
Great walk through. Thank you.

BTW, in 2.2.2 and 2.2.3 shouldn't it be:
const struct ipt_ipaddr_info *info = matchinfo;
instead of
const struct ipt_skeleton_info *info = matchinfo;

Looks like cut'n'paste error. But can be confusing
for the first time reader.
From: Alexei [ date: 2005-07-19 ]
Great walk through. Thank you.

BTW, in 2.2.2 and 2.2.3 shouldn't it be:
const struct ipt_ipaddr_info *info = matchinfo;
instead of
const struct ipt_skeleton_info *info = matchinfo;

Looks like cut'n'paste error. But can be confusing
for the first time reader.
From: Lee <y_h_lee(at)yahoo.com> [ date: 2005-08-29 ]
Hi, nice documentation...
Actually, I need some more help from experts in this domain (like you) =)

At POSTROUTING hook I send packet back to user space (NF_QUEUE). Since the packet passed routing decision (route to destination already exists in kernel routing table), the packet should contain already the next hop of the route. How can I extract this information at userspace and manipulate the next hop's address in order to send via another node (this route is already in the kernel routing table)? Is this possible?
Or is it possible to do the change of the route directly in kernel space?
thank you...
From: Nicolas Bouliane [ date: 2005-09-04 ]
Thank you, people, for the comments ;)
For questions about iptables/netfilter, you should
ask on their respective mailing lists.
From: col [ date: 2006-03-26 ]
thanks mate.

10 talkbacks




Due to the increased amount of web spam we have decided to remove the talkback posting possibility. You can read old talkbacks but you can no longer post new ones.
