> Ramsurrun Visham wrote: > > What I want to do is that after libpcap prints the stats about each > > packet it captures, I want the whole ethernet frame to be sent to the > > IPTables firewall I've set up. It as if there was no libpcap there. > > Does the iptables mechanism know, or care, whether somebody happens to > be using a PF_PACKET socket? That's all libpcap does - establish a > PF_PACKET socket to tap packets - is the iptables mechanism even involved? > > I.e., does it even make a difference whether libpcap is involved or not? > Do packets that would normally get sent through iptables not get sent > through iptables if there's a PF_PACKET socket open and the packets are > also sent to the PF_PACKET socket? > > If the answer is no, it doesn't *matter* whether there's a libpcap there. > - > This is the tcpdump-workers list. > Visit https://lists.sandelman.ca/ to unsubscribe.
The fact is that I don't know what happens to he packets after libpcap finishes it work with them - does it release them in the normal flow of traffic (as if it weren't there) or is it passed to its destination process through some other mechanism.. Many thx for your thoughts. I'll go and test to see if the packets that are captured by libpcap are passed to iptables. I'll enable the logging mechanism of iptables for that purpose.. Thx again.. Regards, Visham. This mail has been scanned for viruses by the UoM Antivirus Gateway. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
