List: netfilter-devel
Subject: Re: Modifying netfilter tables from kernelspace
From: James Morris <jmorris@intercode.com.au>
Date: 2001-05-31 1:22:24
On Wed, 30 May 2001, Richard Guy Briggs wrote:
> On Thu, May 31, 2001 at 03:31:14AM +1000, James Morris wrote:
> > On Wed, 30 May 2001, Richard Guy Briggs wrote:
> >
> > > Does QUEUE return NF_STOLEN?
> >
> > No, it doesn't return. The packet's journey terminates at the queue
> > handler at that stage, and only returns to the stack when nf_reinject() is
> > called with either DROP or ACCEPT as a verdict. This is also why a
> > packet which hits the QUEUE target does not traverse any more rules in the
> > chain.
>
> Can you remind me how the problem of a lost packet in userspace is dealt
> with? Would it not pile up state in the kernel that cannot be
> recovered?
>
Losing a packet in userspace is not an option. The default queue driver
(ip_queue) adds the packet to a queue in the kernel and sends a copy to
userspace. All packets are nf_reinject()'d back eventually, no matter
what happens in userspace.
- James
--
James Morris
<jmorris@intercode.com.au>
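The lifecycle James describes, as an added example that is not part of the original post and not code from the netfilter project: a self-contained user-space model in which a QUEUE verdict ends chain traversal at once, the packet is parked in a kernel-side queue, and it only continues when the nf_reinject() stand-in is called with ACCEPT or DROP. The model also goes slightly beyond the post: it assumes ip_queue's handling of a full queue (the new packet is dropped rather than queued) and of a vanished userspace peer (every pending packet is reinjected with NF_DROP), which is how a packet "lost" in userspace still gets back to the stack. The qm_* functions, struct packet and QUEUE_MAXLEN are invented for the model; the NF_* values match netfilter's verdict constants, but nothing here touches the kernel.

```c
/* Added example, not code from the netfilter project or from this thread:
 * a user-space model of the QUEUE verdict lifecycle. The qm_* names,
 * struct packet and QUEUE_MAXLEN are invented for the model; the NF_*
 * values match netfilter's verdict constants, but nothing here talks to
 * the kernel. */
#include <stddef.h>

#define NF_DROP   0
#define NF_ACCEPT 1
#define NF_QUEUE  3

/* Assumed queue limit, standing in for ip_queue's queue_maxlen sysctl. */
#define QUEUE_MAXLEN 2

struct packet {
    unsigned id;
    int rules_seen;   /* how many chain rules looked at this packet */
    int delivered;    /* reached the rest of the stack */
    int dropped;
};

/* A rule is just a function that returns a verdict for the packet. */
typedef int (*rule_fn)(struct packet *);

static int rule_queue(struct packet *p)  { (void)p; return NF_QUEUE; }
static int rule_accept(struct packet *p) { (void)p; return NF_ACCEPT; }

/* Kernel-side queue of packets waiting for a userspace verdict. */
static struct packet *queue[QUEUE_MAXLEN];
static int queue_total;

static int qm_queue_len(void) { return queue_total; }

/* Park a packet in the kernel queue (the copy sent to userspace is not
 * modelled). When the queue is full the packet is dropped on the spot
 * instead of being queued (assumed ip_queue behaviour at queue_maxlen). */
static int qm_enqueue(struct packet *p)
{
    if (queue_total >= QUEUE_MAXLEN) { p->dropped = 1; return -1; }
    for (int i = 0; i < QUEUE_MAXLEN; i++)
        if (queue[i] == NULL) { queue[i] = p; queue_total++; return 0; }
    return -1;
}

/* nf_reinject() stand-in: the only way a parked packet leaves the queue.
 * Returns -1 if no packet with that id is pending. */
static int qm_reinject(unsigned id, int verdict)
{
    for (int i = 0; i < QUEUE_MAXLEN; i++) {
        if (queue[i] != NULL && queue[i]->id == id) {
            struct packet *p = queue[i];
            queue[i] = NULL;
            queue_total--;
            if (verdict == NF_ACCEPT) p->delivered = 1; else p->dropped = 1;
            return 0;
        }
    }
    return -1;
}

/* Assumed peer-release behaviour: when the userspace reader goes away,
 * every parked packet is reinjected with NF_DROP, so a verdict userspace
 * never sent cannot leave state stuck in the kernel. Returns the count. */
static int qm_flush(void)
{
    int n = 0;
    for (int i = 0; i < QUEUE_MAXLEN; i++)
        if (queue[i] != NULL) { qm_reinject(queue[i]->id, NF_DROP); n++; }
    return n;
}

/* Dispatch over one chain. A QUEUE verdict ends traversal at once: later
 * rules are never consulted, and the packet continues only when
 * qm_reinject() is called with ACCEPT or DROP. */
static int qm_hook(struct packet *p, rule_fn *chain, size_t nrules)
{
    for (size_t i = 0; i < nrules; i++) {
        p->rules_seen++;
        int v = chain[i](p);
        if (v == NF_QUEUE)  return qm_enqueue(p) < 0 ? NF_DROP : NF_QUEUE;
        if (v == NF_DROP)   { p->dropped = 1; return NF_DROP; }
        if (v == NF_ACCEPT) { p->delivered = 1; return NF_ACCEPT; }
    }
    p->delivered = 1;     /* chain policy ACCEPT, assumed for the model */
    return NF_ACCEPT;
}

int main(void)
{
    rule_fn chain[] = { rule_queue, rule_accept };
    struct packet a = { 1, 0, 0, 0 }, b = { 2, 0, 0, 0 };

    qm_hook(&a, chain, 2);          /* parked: rule_accept never runs */
    qm_reinject(a.id, NF_ACCEPT);   /* userspace verdict: a is delivered */
    qm_hook(&b, chain, 2);          /* parked, but userspace "loses" it */
    qm_flush();                     /* peer gone: b is reinjected as DROP */
    return (a.delivered && b.dropped && qm_queue_len() == 0) ? 0 : 1;
}
```

The point to take from running it is the one James makes: a packet that hits QUEUE sees exactly one rule and never reaches the rest of the chain, and it only moves again through the reinject path. A userspace handler that forgets to issue a verdict does not leak the packet; it just leaves it parked until the queue driver flushes it, which is why the kernel-side state is bounded by the queue length rather than by how careful the userspace program is.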