List:       netfilter-devel
Subject:    Re: Modifying netfilter tables from kernelspace
From:       James Morris <jmorris () intercode ! com ! au>
Date:       2001-05-31 1:22:24

On Wed, 30 May 2001, Richard Guy Briggs wrote:

> On Thu, May 31, 2001 at 03:31:14AM +1000, James Morris wrote:
> > On Wed, 30 May 2001, Richard Guy Briggs wrote:
> >
> > > Does QUEUE return NF_STOLEN?
> >
> > No, it doesn't return.  The packet's journey terminates at the queue
> > handler at that stage, and only returns to the stack when nf_reinject() is
> > called with either DROP or ACCEPT as a verdict.  This is also why a
> > packet which hits the QUEUE target does not traverse any more rules in the
> > chain.
>
> Can you remind me how the problem of a lost packet in userspace is dealt
> with?  Would it not pile up state in the kernel that cannot be
> recovered?
>

Losing a packet in userspace is not an option.  The default queue driver
(ip_queue) adds the packet to a queue in the kernel and sends a copy to
userspace.  All packets are nf_reinject()'d back eventually, no matter
what happens in userspace.


- James
-- 
James Morris
<jmorris@intercode.com.au>
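The ip_queue lifecycle James describes above, as an added example that is not part of the original message and not the kernel's ip_queue.c: a small C model in which the kernel side parks a packet under an id and sends userspace a copy, userspace answers with a verdict by id, and nf_reinject() (or a flush when the userspace reader goes away) returns every queued packet to the stack as either ACCEPT or DROP. The function names ipq_enqueue, ipq_flush and ipq_invariant_holds, the fixed queue length, the counters and the sample packets are assumptions for illustration; the real driver tracks sk_buffs and talks to userspace over a netlink socket.

```c
/* Model of the ip_queue / QUEUE-target lifecycle discussed in the thread.
 * Added example: this is NOT kernel code; structure and names are simplified
 * stand-ins for the real ip_queue.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NF_DROP   0   /* verdict values as in include/linux/netfilter.h */
#define NF_ACCEPT 1

struct queue_entry {
    unsigned long id;            /* handle userspace quotes in its verdict */
    char pkt[32];                /* constructed stand-in for the sk_buff */
    struct queue_entry *next;
};

struct ip_queue {
    struct queue_entry *head;
    int len, maxlen;
    unsigned long next_id;
    /* every packet counted in `queued` must end up in one of the two
     * reinjected counters: that is the "nothing is lost" guarantee */
    int queued, reinjected_accept, reinjected_drop, refused;
};

static void ipq_init(struct ip_queue *q, int maxlen)
{
    memset(q, 0, sizeof *q);
    q->maxlen = maxlen;
    q->next_id = 1;
}

/* Kernel side: the QUEUE target hands the packet to the handler.  Returns the
 * id that travels with the copy to userspace, or 0 when the queue is full (the
 * packet is then refused and dropped rather than left in limbo). */
static unsigned long ipq_enqueue(struct ip_queue *q, const char *pkt)
{
    struct queue_entry *e;
    if (q->len >= q->maxlen) { q->refused++; return 0; }
    e = malloc(sizeof *e);
    if (!e) { q->refused++; return 0; }
    e->id = q->next_id++;
    strncpy(e->pkt, pkt, sizeof e->pkt - 1);
    e->pkt[sizeof e->pkt - 1] = '\0';
    e->next = q->head;
    q->head = e;
    q->len++;
    q->queued++;
    return e->id;
}

/* Kernel side: a verdict for packet `id` arrives from userspace.  The packet
 * leaves the queue on ACCEPT or DROP.  Returns 1 when reinjected, 0 for a
 * stale/unknown id (ignored), -1 for an invalid verdict (packet stays queued;
 * the assumption here is that only these two verdicts are honoured). */
static int nf_reinject(struct ip_queue *q, unsigned long id, int verdict)
{
    struct queue_entry **pp;
    if (verdict != NF_ACCEPT && verdict != NF_DROP)
        return -1;
    for (pp = &q->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->id == id) {
            struct queue_entry *e = *pp;
            *pp = e->next;
            q->len--;
            if (verdict == NF_ACCEPT) q->reinjected_accept++;
            else q->reinjected_drop++;
            free(e);
            return 1;
        }
    }
    return 0;
}

/* Kernel side: when the userspace reader disappears (or the handler is torn
 * down), everything still queued is reinjected with NF_DROP so no kernel
 * state can pile up behind a packet userspace never answered for. */
static void ipq_flush(struct ip_queue *q)
{
    while (q->head)
        nf_reinject(q, q->head->id, NF_DROP);
}

static int ipq_invariant_holds(const struct ip_queue *q)
{
    return q->len == 0 &&
           q->queued == q->reinjected_accept + q->reinjected_drop;
}

int main(void)
{
    struct ip_queue q;
    unsigned long a;
    ipq_init(&q, 2);                   /* tiny maxlen to show refusal */
    a = ipq_enqueue(&q, "pkt-1");      /* constructed sample packets */
    ipq_enqueue(&q, "pkt-2");
    ipq_enqueue(&q, "pkt-3");          /* refused: queue is full */
    nf_reinject(&q, a, NF_ACCEPT);     /* userspace verdict for pkt-1 */
    nf_reinject(&q, 42, NF_DROP);      /* stale id: ignored */
    ipq_flush(&q);                     /* pkt-2 never answered: dropped */
    printf("queued=%d accept=%d drop=%d refused=%d invariant=%d\n",
           q.queued, q.reinjected_accept, q.reinjected_drop, q.refused,
           ipq_invariant_holds(&q));
    return 0;
}
```

The point to take from the model is the flush path: a userspace process that reads a packet and then crashes, hangs or simply forgets to answer does not strand the packet in the kernel, because teardown of the reader reinjects everything left with NF_DROP, and a verdict for an id that is no longer queued is discarded rather than acted on.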