RE: Trapping all Incoming Network Packets

RE: Trapping all Incoming Network Packets

[Hari Gadi]

Hi,
Is it possible to change the packet (add an extra ip header)
and send it back to network bypassing the routing functionality.
I want to do my own routing.( I add the hardware address of the destination machine)

thanks,
Hari.

-----Original Message-----
From: Chris Friesen [mailto:cfriesen@nortelnetworks.com]
Sent: Monday, March 18, 2002 2:17 PM
To: prade@cs.sunysb.edu
Cc: linux-kernel@vger.kernel.org
Subject: Re: Trapping all Incoming Network Packets


prade@cs.sunysb.edu wrote:

> I want to sniff the packets, and make a
> decision based on certain characteristics of each packet. So I need to
> have a filter between the IP and link-layer. Also, I do not want the
> filter to slow down traffic. Hence I believe implementing inside kernel
> will be more efficient.

Write a netfilter module and bind it in to NF_IP_PRE_ROUTING or NF_IP_LOCAL_IN
as appropriate.  This will allow you to analyze the packet and decide whether to
keep or discard it (or mangle it if you want).

This is what netfilter is there for.

Chris

-- 
Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email: cfriesen@nortelnetworks.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

RE: Trapping all Incoming Network Packets

[prade]

On Mon, 18 Mar 2002, Hari Gadi wrote:

> Hi,
> Is it possible to change the packet (add an extra ip header)
> and send it back to network bypassing the routing functionality.
> I want to do my own routing.( I add the hardware address of the destination machine)

In IP-IP encapsualtion, after adding the outer IP header, the ip_send
function is invoked. Instead for your purpose you can have your own
function and write your routing table lookup. You can check the
net/ipv4/ipip.c code

--pradipta

Re: Trapping all Incoming Network Packets

[Chris Friesen]

prade@cs.sunysb.edu wrote:

> I want to sniff the packets, and make a
> decision based on certain characteristics of each packet. So I need to
> have a filter between the IP and link-layer. Also, I do not want the
> filter to slow down traffic. Hence I believe implementing inside kernel
> will be more efficient.

Write a netfilter module and bind it in to NF_IP_PRE_ROUTING or NF_IP_LOCAL_IN
as appropriate.  This will allow you to analyze the packet and decide whether to
keep or discard it (or mangle it if you want).

This is what netfilter is there for.

Chris

-- 
Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email: cfriesen@nortelnetworks.com

RE: Trapping all Incoming Network Packets

[Robert Pfister]

prade@cs.sunysb.edu writes:

>To do it in user space, you have to use the raw socket interface. This
>by-passes the entire TCP/IP stack. I want to sniff the packets, and make a
>decision based on certain characteristics of each packet. So I need to
>have a filter between the IP and link-layer. Also, I do not want the
>filter to slow down traffic. Hence I believe implementing inside kernel
>will be more efficient.

I've looked at an implementation of something similar. The approach was as
follows:

* insert a "hook" into the netif_rx that would act as a filter
* use a module that:
	* activates hook
	* apply filtering
	* sends back packets to netif_rx for normal processing
* when module is unloaded, deactivate the "hook"

RE: Trapping all Incoming Network Packets

[prade]

On Mon, 18 Mar 2002, Robert Pfister wrote:

> There are ways to accomplish similar things in user space. Is there some
> reason that you need to do this in the kernel? What is your end-goal with
> this?
>
> Robb
>

To do it in user space, you have to use the raw socket interface. This
by-passes the entire TCP/IP stack. I want to sniff the packets, and make a
decision based on certain characteristics of each packet. So I need to
have a filter between the IP and link-layer. Also, I do not want the
filter to slow down traffic. Hence I believe implementing inside kernel
will be more efficient.

-- pradipta

RE: Trapping all Incoming Network Packets

[Robert Pfister]

There are ways to accomplish similar things in user space. Is there some
reason that you need to do this in the kernel? What is your end-goal with
this?

Robb

-----Original Message-----
From: linux-kernel-owner@vger.kernel.org
[mailto:linux-kernel-owner@vger.kernel.org]On Behalf Of
prade@cs.sunysb.edu
Sent: Sunday, March 17, 2002 4:57 PM
To: linux-kernel@vger.kernel.org
Cc: prade@cs.sunysb.edu
Subject: Trapping all Incoming Network Packets


Hi,

I am trying to write a module that will redirect all the packets to my
recv routine, instead of going to the recv routines of the specific
protocols. For example, a packet with the protocol field ETH_P_IP should
come to "my_recv" before going to ip_rcv.

My restriction is I cannot add my own header. In other words, I cannot
register my own protocol handler and attach a header to each packet to
redirect it to "my_recv".

The option I figured out seems to be changing the function pointers, eg.
net_rx_action by my own net_rx_action at init_module time and restoring it
at cleanup. But since 2.4 kernel does not export any function to deal with
the data structures holding the function pointers, I am in a fix.

I look forward to some interesting suggestions about how to get around the
problem for 2.4 kernels.

Thanks,
-- pradipta.

NB. Plz say "yes" to the cc-option. Thx. :-)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: Trapping all Incoming Network Packets

[Bernd Eckenfels]

In article <Pine.GSO.4.33.0203171840250.5841-100000@compserv3> you wrote:
> I am trying to write a module that will redirect all the packets to my
> recv routine, instead of going to the recv routines of the specific
> protocols. For example, a packet with the protocol field ETH_P_IP should
> come to "my_recv" before going to ip_rcv.

You should elaborate for what you need it. You can use the TUN/TAP driver
for usermode, use netfilter hooks for filtering.

Greetings
Bernd

Trapping all Incoming Network Packets

[prade]

Hi,

I am trying to write a module that will redirect all the packets to my
recv routine, instead of going to the recv routines of the specific
protocols. For example, a packet with the protocol field ETH_P_IP should
come to "my_recv" before going to ip_rcv.

My restriction is I cannot add my own header. In other words, I cannot
register my own protocol handler and attach a header to each packet to
redirect it to "my_recv".

The option I figured out seems to be changing the function pointers, eg.
net_rx_action by my own net_rx_action at init_module time and restoring it
at cleanup. But since 2.4 kernel does not export any function to deal with
the data structures holding the function pointers, I am in a fix.

I look forward to some interesting suggestions about how to get around the
problem for 2.4 kernels.

Thanks,
-- pradipta.

NB. Plz say "yes" to the cc-option. Thx. :-)