Rick Jones wrote:
Eric Dumazet wrote:
Rick Jones wrote:

More to the point, on what basis would the application be rejecting a
connection request based solely on the SYN?


True, it isn't like there would suddenly be any call user data as in XTI/TLI.


DATA payload could be included in the SYN packet. TCP specs allow this AFAIK.

Yes, but it isn't supposed to be delivered until the 3-way handshake is complete right?

Are you speaking of the 20-year-old BSD API? :)

Martin, I played with libnetfilter_queue (http://www.netfilter.org/projects/libnetfilter_queue/index.html)

With this single iptables rule, I was able to do what you want: transmit the SYN message to a user application, which may DROP this packet or let it pass to the normal TCP stack.

iptables -A INPUT -p tcp --dport 333 --syn -j QUEUE

Then hack nfqnl_test.c to meet your needs (see nfq_set_verdict(), nfq_get_payload())

Be prepared to receive the 'same SYN' several times if your X.25 call attempt is too long.

(You have to be root, unfortunately)

Eric
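
The message above warns that the same SYN can arrive several times while a slow decision is pending. The following is an added example, not code from this thread or from libnetfilter_queue: it parses a raw IPv4 packet, as a queue callback is assumed to obtain it, and recognizes a retransmitted SYN. The names parse_syn, track_syn, struct syn_key and struct pending are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* A retransmitted SYN repeats addresses, ports and initial sequence number. */
struct syn_key { uint32_t saddr, daddr, seq; uint16_t sport, dport; };
enum syn_state { SYN_INVALID = -1, SYN_NEW, SYN_DUPLICATE, SYN_TABLE_FULL };
#define MAX_PENDING 64
struct pending { struct syn_key keys[MAX_PENDING]; int count; };
/* Constructed sample: 192.0.2.10:50000 -> 192.0.2.1:333, SYN, checksums zeroed. */
static const unsigned char SAMPLE_SYN[40] = {
    0x45,0,0,0x28, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,10, 192,0,2,1,
    0xc3,0x50, 0x01,0x4d, 0x11,0x22,0x33,0x44, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0,0,0,0 };

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const unsigned char *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Parse a raw IPv4 packet; succeed only for what "--syn" matches. */
int parse_syn(const unsigned char *pkt, int len, struct syn_key *k)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    int ihl = (pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1; /* 6 = TCP */
    if (rd16(pkt + 6) & 0x1fff) return -1;    /* later fragment: no TCP header */
    const unsigned char *tcp = pkt + ihl;
    if ((tcp[13] & 0x17) != 0x02) return -1;  /* SYN set; FIN, RST, ACK clear */
    memset(k, 0, sizeof *k);
    k->saddr = rd32(pkt + 12); k->daddr = rd32(pkt + 16);
    k->sport = rd16(tcp); k->dport = rd16(tcp + 2); k->seq = rd32(tcp + 4);
    return 0;
}

/* Record a SYN and say whether a decision for it is already in progress. */
enum syn_state track_syn(struct pending *t, const unsigned char *pkt, int len)
{
    struct syn_key k;
    if (parse_syn(pkt, len, &k) != 0) return SYN_INVALID;
    for (int i = 0; i < t->count; i++)
        if (memcmp(&t->keys[i], &k, sizeof k) == 0) return SYN_DUPLICATE;
    if (t->count == MAX_PENDING) return SYN_TABLE_FULL;
    t->keys[t->count++] = k;
    return SYN_NEW;
}

int main(void)
{
    struct pending t; memset(&t, 0, sizeof t);
    printf("first: %d\n", track_syn(&t, SAMPLE_SYN, (int)sizeof SAMPLE_SYN));
    printf("retransmit: %d\n", track_syn(&t, SAMPLE_SYN, (int)sizeof SAMPLE_SYN));
    return 0;
}
```

In a real queue handler the result would only select which verdict to pass to nfq_set_verdict(); an entry would also need to be removed from the table once its decision is final.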
