Giacomo wrote:
> Good morning, I'm a student who, for study purposes, is writing a simple
> firewall in the Linux kernel.
> While I've understood the path an input packet takes when it enters the
> Linux kernel, I would like to know what functions are involved in output
> sending.
>
> I put the hooks to my functions where I found already existing netfilter
> hooks and this is the problem:
>
> - while the number of packets traversing input and prerouting hooks is the
> same, and all incoming packets pass through the hooks (in the simple case
> of 2 computers connected without forwarding), the number of packets that
> appear in the postrouting hook is much greater than the number of packets which
> I see in output hooks!
Outgoing packets: outgoing hook, postrouting hook
Forwarded packets: pre-, input-, postrouting hook
So the postrouting hook hooks both outgoing and forwarded packets.
>
> Then I noticed that in ip_output.c, there are many netfilter hooks... and
> I was wondering if I should put my hooks everywhere there is a netfilter
> hook.
Nope, use the points you can access using Netfilter. Read Rusty's Manual.
>
> First of all, anyway, I would like to count all packets locally generated
> by my applications, such as ssh or telnet or ping or nmap, and verify that
> all of them pass through output AND postrouting hooks.
Just do it!
>
> Thanks a lot to anyone who can give me any suggestions about packet
> handling in the Linux kernel.
>
Alex
> PS: I am running kernel 2.6.11.
>
> thanks in advance
>
> Giacomo Strangolino.