Dear all,
First of all, I would like to say that I got troubles
when sending to the Netfilter-devel mailing list,
that's why I am sending my request also to some of
Netfilter core team (the ones specifying direct
e-mails at the Netfilter page).
I am implementing a protocol which requires to use
some of the on-the-fly active connections information,
in particular, I am interested on the last seq and ack
values associated to each active connection.
These values will be used by another process which
will build faked packets with the same values.
I thought about two solutions:
- The first one uses the Netfilter capabilities, which
registers a callback function at a given hook so as to
read the packet and write the required information
somewhere in the procfs filesystem. The other process
will then read from procfs to build faked packets.
As far as packets are read at the kernel level,
performance is expected to be better that the second
solution.
- The second solution uses pcap capabilities to sniff
packets and to manage the associated connections. A
lot to do at the user space and the solution doesn't
seem "elegant".
The idea of the first solution is simple:
the callback function is applied to each packet, for a
given protocol dst port I will fill in a
conn_structure in procfs.
What I can't see is how to manage the list of all the
active connections at once,without having to care
about the staff of comparing the incoming packets with
the list of the already existing ones etc.
I am sure that I can reuse something from the kernel
net framework to write the logger kernel module.
Can anyone help me to solve this issue?
A lot of thanks in advance,
all My best Regards,
--Siri
____________________________________________________________________________________________
Découvrez le blog Yahoo! Mail : dernières nouveautés, astuces, conseils.. et vos réactions !
http://blog.mail.yahoo.fr
First of all, I would like to say that I got troubles
when sending to the Netfilter-devel mailing list,
that's why I am sending my request also to some of
Netfilter core team (the ones specifying direct
e-mails at the Netfilter page).
I am implementing a protocol which requires to use
some of the on-the-fly active connections information,
in particular, I am interested on the last seq and ack
values associated to each active connection.
These values will be used by another process which
will build faked packets with the same values.
I thought about two solutions:
- The first one uses the Netfilter capabilities, which
registers a callback function at a given hook so as to
read the packet and write the required information
somewhere in the procfs filesystem. The other process
will then read from procfs to build faked packets.
As far as packets are read at the kernel level,
performance is expected to be better that the second
solution.
- The second solution uses pcap capabilities to sniff
packets and to manage the associated connections. A
lot to do at the user space and the solution doesn't
seem "elegant".
The idea of the first solution is simple:
the callback function is applied to each packet, for a
given protocol dst port I will fill in a
conn_structure in procfs.
What I can't see is how to manage the list of all the
active connections at once,without having to care
about the staff of comparing the incoming packets with
the list of the already existing ones etc.
I am sure that I can reuse something from the kernel
net framework to write the logger kernel module.
Can anyone help me to solve this issue?
A lot of thanks in advance,
all My best Regards,
--Siri
____________________________________________________________________________________________
Découvrez le blog Yahoo! Mail : dernières nouveautés, astuces, conseils.. et vos réactions !
http://blog.mail.yahoo.fr