开发者

netfilter event on packet locally processed ( netfilter C kernel module code)

If an incoming packet comes in AND is locally proces开发者_Go百科sed, is there a way to get notified of that event?

I'm currently using the NF_IP_LOCAL_IN hook. But it looks like this gives all packets destined for the interface. For example suppose tcp packet X comes to port 5000, and there is a socket listening on port 5000. I would like to receive that event.

To clarify, I mean I only want to receive packet X events. All other packets that are not processed locally, (i.e. those that generate ICMP destination unreachable I don't want to be notified about)


Netfilter lives at L3/L4, so it only has access to information up to L4. OTOH, LSMs (Linux Security Modules) have hooks almost everywhere, including socket_recvmsg, which I think should be called only for the packets that you are interested in.

Now, whether you can use this depends on your situation. Is there a LSM already running on your environment? If the answer is yes, can you make and insert a policy for your LSM that would be enough for your purposes?


Well, the interface must be lo.

Or I don't understand why LOCAL_IN hook doesn't satisfy you.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜