Question

I want to capture all tcp packets on port 80 that are going to a forward address and pass them into a user-space program for mangling. I know how to do this with an IPtables rule such as

iptables -A FORWARD ... -j NFQUEUE --queue-num 10

but I can't seem to find any examples, and there is a time restriction, so I can't just sift through wireshark code. I'm looking for examples, or even a place to start. Can I use sockets? Or is there a kernel data structure that I can use to pop packets off of the stack, and once I'm done, how can I pass the packets back to netfilter?


Solution

You can write a kernel module that registers for queued packets for a certain protocol. You can read the netfilter-hacking-HOWTO, page 25 has a section "Processing Queued Packets". This section discusses at a higher level but answers everything you asked.

Download it from: http://www.netfilter.org/documentation/index.html#documentation-howto

You can use nf_reinject() to let the packet get processed further.

I don't want to repeat whatever is in this guide but this should be enough to start with.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow