netfilter event on packet locally processed ( netfilter C kernel module code)
If an incoming packet comes in AND is locally proces开发者_Go百科sed, is there a way to get notified of that event?
I'm currently using the NF_IP_LOCAL_IN hook. But it looks like this gives all packets destined for the interface. For example suppose tcp packet X comes to port 5000, and there is a socket listening on port 5000. I would like to receive that event.
To clarify, I mean I only want to receive packet X events. All other packets that are not processed locally, (i.e. those that generate ICMP destination unreachable I don't want to be notified about)
Netfilter lives at L3/L4, so it only has access to information up to L4. OTOH, LSMs (Linux Security Modules) have hooks almost everywhere, including socket_recvmsg
, which I think should be called only for the packets that you are interested in.
Now, whether you can use this depends on your situation. Is there a LSM already running on your environment? If the answer is yes, can you make and insert a policy for your LSM that would be enough for your purposes?
Well, the interface must be lo.
Or I don't understand why LOCAL_IN hook doesn't satisfy you.
精彩评论