2002-03-18 00:01:25

by prade

Subject: Trapping all Incoming Network Packets

Hi,

I am trying to write a module that will redirect all the packets to my
recv routine, instead of going to the recv routines of the specific
protocols. For example, a packet with the protocol field ETH_P_IP should
come to "my_recv" before going to ip_rcv.

My restriction is I cannot add my own header. In other words, I cannot
register my own protocol handler and attach a header to each packet to
redirect it to "my_recv".

The option I figured out seems to be changing the function pointers, e.g.
replacing net_rx_action with my own net_rx_action at init_module time and
restoring it at cleanup. But since the 2.4 kernel does not export any function
to deal with the data structures holding the function pointers, I am in a fix.

I look forward to some interesting suggestions about how to get around the
problem for 2.4 kernels.

Thanks,
-- pradipta.

NB. Plz say "yes" to the cc-option. Thx. :-)


2002-03-18 18:28:02

by Robert Pfister

Subject: RE: Trapping all Incoming Network Packets

There are ways to accomplish similar things in user space. Is there some
reason that you need to do this in the kernel? What is your end-goal with
this?

Robb

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Sunday, March 17, 2002 4:57 PM
To: [email protected]
Cc: [email protected]
Subject: Trapping all Incoming Network Packets


Hi,

I am trying to write a module that will redirect all the packets to my
recv routine, instead of going to the recv routines of the specific
protocols. For example, a packet with the protocol field ETH_P_IP should
come to "my_recv" before going to ip_rcv.

My restriction is I cannot add my own header. In other words, I cannot
register my own protocol handler and attach a header to each packet to
redirect it to "my_recv".

The option I figured out seems to be changing the function pointers, e.g.
replacing net_rx_action with my own net_rx_action at init_module time and
restoring it at cleanup. But since the 2.4 kernel does not export any function
to deal with the data structures holding the function pointers, I am in a fix.

I look forward to some interesting suggestions about how to get around the
problem for 2.4 kernels.

Thanks,
-- pradipta.

NB. Plz say "yes" to the cc-option. Thx. :-)

2002-03-18 18:44:45

by prade

Subject: RE: Trapping all Incoming Network Packets

On Mon, 18 Mar 2002, Robert Pfister wrote:

> There are ways to accomplish similar things in user space. Is there some
> reason that you need to do this in the kernel? What is your end-goal with
> this?
>
> Robb
>

To do it in user space, you have to use the raw socket interface. This
by-passes the entire TCP/IP stack. I want to sniff the packets, and make a
decision based on certain characteristics of each packet. So I need to
have a filter between the IP and link-layer. Also, I do not want the
filter to slow down traffic. Hence I believe implementing inside kernel
will be more efficient.

-- pradipta

2002-03-18 19:08:32

by Chris Friesen

Subject: Re: Trapping all Incoming Network Packets

[email protected] wrote:

> I want to sniff the packets, and make a
> decision based on certain characteristics of each packet. So I need to
> have a filter between the IP and link-layer. Also, I do not want the
> filter to slow down traffic. Hence I believe implementing inside kernel
> will be more efficient.

Write a netfilter module and bind it in to NF_IP_PRE_ROUTING or NF_IP_LOCAL_IN
as appropriate. This will allow you to analyze the packet and decide whether to
keep or discard it (or mangle it if you want).

This is what netfilter is there for.

Chris

--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: [email protected]
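
The kind of per-packet decision suggested in the reply above, as an added example that is not part of the thread or of the kernel's code: a user-space C model of a filter that inspects an IPv4 packet and returns a keep-or-discard verdict. In the kernel, a hook at NF_IP_PRE_ROUTING runs after ip_rcv has already sanity-checked the header; this model repeats those checks because it reads a raw buffer. The function name `filter_ipv4`, the verdict names, the blocked-port policy and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names local to this model; they stand in for a hook's accept/drop verdicts. */
enum verdict { V_DROP = 0, V_ACCEPT = 1 };

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, 192.0.2.1 ->
 * 192.0.2.2, destination port 23. Checksums are zero and are not verified. */
static const uint8_t sample_telnet[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2,
    0x04, 0xd2, 0x00, 0x17 /* sport 1234, dport 23; remaining bytes are zero */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* pkt points at the IP header, as a filter between link layer and IP sees it.
 * Example policy (an assumption): drop TCP/UDP addressed to blocked_port. */
enum verdict filter_ipv4(const uint8_t *pkt, size_t len, uint16_t blocked_port)
{
    size_t ihl, tot;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return V_DROP;              /* truncated, or not IPv4 */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    tot = be16(pkt + 2);
    if (ihl < 20 || tot < ihl || tot > len)
        return V_DROP;              /* length fields disagree with the buffer */
    if (pkt[9] != 6 && pkt[9] != 17)
        return V_ACCEPT;            /* not TCP (6) or UDP (17) */
    if (be16(pkt + 6) & 0x1fff)
        return V_ACCEPT;            /* later fragment: carries no port fields */
    if (tot < ihl + 4)
        return V_DROP;              /* first fragment too short to hold ports */
    return be16(pkt + ihl + 2) == blocked_port ? V_DROP : V_ACCEPT;
}

int main(void)
{
    printf("port 23 blocked: %s\n",
           filter_ipv4(sample_telnet, sizeof sample_telnet, 23) ? "ACCEPT" : "DROP");
    printf("port 80 blocked: %s\n",
           filter_ipv4(sample_telnet, sizeof sample_telnet, 80) ? "ACCEPT" : "DROP");
    return 0;
}
```

Letting later fragments through is a policy choice of this model: only the first fragment carries the ports, and a datagram whose first fragment was dropped cannot be reassembled.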

2002-03-18 19:15:32

by Robert Pfister

Subject: RE: Trapping all Incoming Network Packets

[email protected] writes:

>To do it in user space, you have to use the raw socket interface. This
>by-passes the entire TCP/IP stack. I want to sniff the packets, and make a
>decision based on certain characteristics of each packet. So I need to
>have a filter between the IP and link-layer. Also, I do not want the
>filter to slow down traffic. Hence I believe implementing inside kernel
>will be more efficient.

I've looked at an implementation of something similar. The approach was as
follows:

* insert a "hook" into the netif_rx that would act as a filter
* use a module that:
  * activates hook
  * apply filtering
  * sends back packets to netif_rx for normal processing
* when module is unloaded, deactivate the "hook"


2002-03-18 19:42:34

by Hari Gadi

Subject: RE: Trapping all Incoming Network Packets

Hi,
Is it possible to change the packet (add an extra IP header)
and send it back to the network, bypassing the routing functionality?
I want to do my own routing. (I add the hardware address of the destination machine.)

thanks,
Hari.

-----Original Message-----
From: Chris Friesen [mailto:[email protected]]
Sent: Monday, March 18, 2002 2:17 PM
To: [email protected]
Cc: [email protected]
Subject: Re: Trapping all Incoming Network Packets


[email protected] wrote:

> I want to sniff the packets, and make a
> decision based on certain characteristics of each packet. So I need to
> have a filter between the IP and link-layer. Also, I do not want the
> filter to slow down traffic. Hence I believe implementing inside kernel
> will be more efficient.

Write a netfilter module and bind it in to NF_IP_PRE_ROUTING or NF_IP_LOCAL_IN
as appropriate. This will allow you to analyze the packet and decide whether to
keep or discard it (or mangle it if you want).

This is what netfilter is there for.

Chris

--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: [email protected]

2002-03-18 21:53:06

by prade

Subject: RE: Trapping all Incoming Network Packets

On Mon, 18 Mar 2002, Hari Gadi wrote:

> Hi,
> Is it possible to change the packet (add an extra IP header)
> and send it back to the network, bypassing the routing functionality?
> I want to do my own routing. (I add the hardware address of the destination machine.)

In IP-IP encapsulation, after adding the outer IP header, the ip_send
function is invoked. Instead, for your purpose, you can have your own
function and write your routing table lookup. You can check the
net/ipv4/ipip.c code.

--pradipta

2002-03-18 02:10:05

by Bernd Eckenfels

Subject: Re: Trapping all Incoming Network Packets

In article <Pine.GSO.4.33.0203171840250.5841-100000@compserv3> you wrote:
> I am trying to write a module that will redirect all the packets to my
> recv routine, instead of going to the recv routines of the specific
> protocols. For example, a packet with the protocol field ETH_P_IP should
> come to "my_recv" before going to ip_rcv.

You should elaborate on what you need it for. You can use the TUN/TAP driver
for usermode, or use netfilter hooks for filtering.

Greetings
Bernd