What I want to do is that after libpcap prints the stats about each packet it captures, I want the whole ethernet frame to be sent to the IPTables firewall I've set up. It as if there was no libpcap there.
Does the iptables mechanism know, or care, whether somebody happens to be using a PF_PACKET socket? That's all libpcap does - establish a PF_PACKET socket to tap packets - is the iptables mechanism even involved?
I.e., does it even make a difference whether libpcap is involved or not? Do packets that would normally get sent through iptables not get sent through iptables if there's a PF_PACKET socket open and the packets are also sent to the PF_PACKET socket?
If the answer is no, it doesn't *matter* whether there's a libpcap there. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
