
Re: Linux Socket Filter




On Thu, 21 Dec 2000, Nadav Har'El wrote:

> > also, you want the original packets to keep on traveling to their
> > destination, or be captured by your software only, and not reach their
> > original destination directly?
>
> I want only my program to get these packets (otherwise the kernel will ruin
> the TCP session I'm trying to make by sending back RST packets). I was
> thinking of doing this using Linux's firewalling code.

don't think - do. it's very easy for a filter as simple as you need.
ipchains can redirect packets to go into user mode, using netlink sockets.
with a very simple game, you can make the packets get copied into
user-space, and yet not travel up the regular TCP stack (using the DROP
target with ipchains). using libpcap, you can only read packets - not
block the system from processing them.

this method works nicely, but not together with masquerading. you'll need
to move to kernel 2.4 to be able to mix both options, should you need that
option. in any event, there's no need for any kernel code change to get
this working - only kernel recompilation to support netlink sockets (and
firewalling, of course, but i guess you already have that enabled).

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
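As an added example (not code from the thread, and not part of ipchains itself): a user-space receiver for the arrangement described above, assuming an ipchains input rule that uses `-o` to copy matching packets to the netlink firewall device together with the `DENY` target so they never reach the local TCP stack, and assuming each netlink datagram carries the copied packet starting at its IPv4 header. The decoder is exercised offline on a constructed SYN, so the parsing part runs without the kernel hook.

```c
/* Added example; assumes: ipchains -A input -p tcp -d 10.0.0.5 8080 -o -j DENY */
#include <stdio.h>
#include <stdint.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <netinet/ip.h>
#include <arpa/inet.h>

struct diverted { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t flags; };

/* Decode the IPv4 + TCP headers of one copied packet; -1 if truncated or not TCP.
 * Assumption: the datagram begins with the IPv4 header (possibly cut at -o maxsize). */
int parse_diverted(const unsigned char *buf, size_t len, struct diverted *d) {
    if (len < sizeof(struct iphdr)) return -1;
    const struct iphdr *ip = (const struct iphdr *)buf;
    size_t ihl = ip->ihl * 4u;
    if (ip->version != 4 || ihl < 20 || ip->protocol != IPPROTO_TCP || len < ihl + 20)
        return -1;
    d->saddr = ip->saddr;                                   d->daddr = ip->daddr;
    d->sport = (uint16_t)(buf[ihl] << 8 | buf[ihl + 1]);    /* TCP source port */
    d->dport = (uint16_t)(buf[ihl + 2] << 8 | buf[ihl + 3]); /* TCP destination port */
    d->flags = buf[ihl + 13];                                /* TCP flag byte: SYN = 0x02 */
    return 0;
}

/* Offline self-check on a constructed 40-byte SYN 192.0.2.10:40000 -> 10.0.0.5:8080. */
int parse_constructed_syn(void) {
    unsigned char pkt[40] = {0};
    pkt[0] = 0x45; pkt[9] = IPPROTO_TCP;                           /* IPv4, ihl=5, TCP */
    inet_pton(AF_INET, "192.0.2.10", pkt + 12); inet_pton(AF_INET, "10.0.0.5", pkt + 16);
    pkt[20] = 0x9c; pkt[21] = 0x40; pkt[22] = 0x1f; pkt[23] = 0x90; /* ports 40000, 8080 */
    pkt[32] = 0x50; pkt[33] = 0x02;                                /* doff=5, SYN */
    struct diverted d;
    if (parse_diverted(pkt, sizeof pkt, &d) != 0 || d.flags != 0x02) return -1;
    return d.dport;                                                /* 8080 */
}

int main(void) {
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_FIREWALL);
    struct sockaddr_nl nl = { .nl_family = AF_NETLINK, .nl_groups = 1 };
    if (fd < 0 || bind(fd, (struct sockaddr *)&nl, sizeof nl) < 0) { perror("netlink"); return 1; }
    unsigned char buf[65536]; struct diverted d; char s[16], t[16];
    for (;;) {                                    /* one datagram per copied packet */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); return 1; }
        if (parse_diverted(buf, (size_t)n, &d) != 0) continue;
        inet_ntop(AF_INET, &d.saddr, s, sizeof s); inet_ntop(AF_INET, &d.daddr, t, sizeof t);
        printf("%s:%u -> %s:%u flags=0x%02x, %zd bytes\n", s, d.sport, t, d.dport, d.flags, n);
    }
}
```

On a kernel without the 2.2-era netlink firewall hook the socket or bind call fails and the program exits; only the offline self-check is meaningful there.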

