packet drop notifications -?

Discussion in 'Linux Networking' started by chcat, Dec 8, 2011.

  1. chcat Guest

    Hello,
    I am looking for an approach to receive notifications in application
    code when the Linux firewall drops a packet.
    Can it be done without changes to kernel code?
    Thanks....
     
    chcat, Dec 8, 2011
    #1

  2. Add a LOG rule before each DROP rule, and then monitor the kernel log
    output.
     
    Richard Kettlewell, Dec 8, 2011
    #2

  3. Jorgen Grahn Guest

    I seem to recall there are other actions which can be used too ...
    Depends on what he wants to do.

    (I once wanted to play a "plonk" sound every time, but never got
    around to implementing it.)

    /Jorgen
     
    Jorgen Grahn, Dec 8, 2011
    #3
  4. chcat Guest

    Are there other methods that wouldn't require changes to existing
    RULES? I am more interested in terms of programmatic "hooks"...
    Thanks.
     
    chcat, Dec 10, 2011
    #4
  5. Jorgen Grahn Guest

    Why would there be one? iptables(8) says

    ACCEPT means to let the packet through. DROP means to drop the
    packet on the floor. QUEUE means to pass the packet to
    userspace.

    They have little reason to add this functionality to DROP, when it's
    already available and called QUEUE. (Not counting the many extension
    targets, one of which may suit you better, depending on what you want
    to do.)

    /Jorgen
     
    Jorgen Grahn, Dec 10, 2011
    #5
  6. chcat Guest

    Sorry if I did not state the problem clearly enough...
    An iptables firewall is already running on the system.
    The application in question, or its user, cannot change iptables rules.
    That's up to the firewall admin.
    The application needs an approximate count of packets dropped by the
    firewall per second.
    Any suggestions?
    Thanks in any case.
     
    chcat, Dec 11, 2011
    #6
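Added example (not code from any poster in this thread): it ties Richard's LOG-before-DROP suggestion in #2 to the per-second drop count chcat asks for in #6. The admin installs a LOG rule immediately in front of the DROP rule; the application then reads the kernel log (syslog or `journalctl -k`) and buckets the LOG lines by their one-second timestamp. The log prefix `FW-DROP: `, the rule match (`tcp/22`), and the sample log lines are all assumptions constructed for this example; the key=value field layout is the one the LOG target writes.

```python
"""Count firewall drops per second from iptables LOG lines.

Added example for this thread, not any poster's code. Assumes the firewall
admin has placed a LOG rule directly in front of the DROP rule with the
(assumed) prefix "FW-DROP: ", and that the application may read the kernel log.
"""
import re
import subprocess
import sys
from collections import Counter

# Rules the firewall admin would install (assumed match and prefix; root only).
# LOG is non-terminating, so every packet it logs goes on to hit the DROP rule.
# Do not add "-m limit" to the LOG rule if you want a real count: it would
# turn the per-second figure into a lower bound.
LOG_BEFORE_DROP_RULES = [
    ["iptables", "-I", "INPUT", "1", "-p", "tcp", "--dport", "22",
     "-j", "LOG", "--log-prefix", "FW-DROP: ", "--log-level", "warning"],
    ["iptables", "-I", "INPUT", "2", "-p", "tcp", "--dport", "22", "-j", "DROP"],
]


def install_log_before_drop(runner=subprocess.run):
    """Run the two rule commands in order (needs CAP_NET_ADMIN; admin's job)."""
    for cmd in LOG_BEFORE_DROP_RULES:
        runner(cmd, check=True)


# Leading timestamp as syslog writes it ("Dec  8 10:15:01", no year) or as
# `journalctl -k -o short-iso` writes it ("2011-12-08T10:15:01+0000").
# One-second resolution is all a drops-per-second figure needs.
_TS = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d"
    r"|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\S*)\s"
)


def parse_log_line(line, prefix="FW-DROP: "):
    """Return the LOG fields of one kernel log line as a dict, or None.

    Value-less tokens such as DF or SYN are stored with an empty value.
    """
    m = _TS.match(line)
    if not m or " kernel:" not in line:
        return None
    idx = line.find(prefix)
    if idx < 0:
        return None
    fields = {}
    for tok in line[idx + len(prefix):].split():
        key, _, value = tok.partition("=")
        fields[key] = value
    fields["TS"] = m.group("ts")
    return fields


def drops_per_second(lines, prefix="FW-DROP: "):
    """Map each one-second timestamp to the number of drops logged in it."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line, prefix)
        if rec:
            counts[rec["TS"]] += 1
    return counts


def peak_rate(counts):
    """Highest drops-per-second seen in the parsed window."""
    return max(counts.values(), default=0)


def top_sources(lines, n=3, prefix="FW-DROP: "):
    """Most frequent SRC addresses among the dropped packets."""
    recs = (parse_log_line(line, prefix) for line in lines)
    return Counter(r["SRC"] for r in recs if r and "SRC" in r).most_common(n)


# Constructed sample of what /var/log/kern.log looks like with the rules above.
SAMPLE_KERN_LOG = """\
Dec  8 10:15:01 fw kernel: [ 1234.567890] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Dec  8 10:15:01 fw kernel: [ 1234.600001] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Dec  8 10:15:01 fw kernel: [ 1234.650002] FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Dec  8 10:15:01 fw kernel: [ 1234.700000] eth0: link up, 1000Mbps, full-duplex
Dec  8 10:15:02 fw kernel: [ 1235.100000] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Dec  8 10:15:02 fw kernel: [ 1235.400000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

if __name__ == "__main__":
    # Feed a real log with e.g.:  journalctl -k -o short-iso | python3 this.py
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_KERN_LOG.splitlines()
    per_second = drops_per_second(source)
    for ts, n in sorted(per_second.items()):
        print(ts, n)
    print("peak drops/s:", peak_rate(per_second))
```

The application still has to be able to read the log, which is exactly the cooperation from the admin that Jorgen points out in #7: on most distributions that means membership in the group that owns `/var/log/kern.log` or the journal, and `dmesg` may be restricted to root by `kernel.dmesg_restrict`. Syslog timestamps carry no year and may repeat across days, so compare adjacent lines only, not a whole rotated file.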
  7. Jorgen Grahn Guest

    This sounds like a problem. I think it is unlikely that you'll find a
    way to do things to iptables that do not require the cooperation
    of the admin.
    That is a humble wish (little security or privacy impact) but it seems
    unlikely that you can do anything unless you at least have access to
    the logs.

    Note though that I'm not an expert; perhaps someone else can explain
    the issues better.

    /Jorgen
     
    Jorgen Grahn, Dec 11, 2011
    #7
  8. Hi chcat,

    You want the notification exactly where? In sending application? Then
    don't use DROP, use REJECT. It causes ICMP replies to be sent.

    Jamma.
     
    Jamma Tino Schwarze, Dec 13, 2011
    #8
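Added example (not code from any poster) showing what Tino's REJECT-instead-of-DROP suggestion looks like from the sending application's side. With DROP nothing comes back and `connect()` only fails when its timeout expires; with REJECT the firewall answers at once (an ICMP unreachable, or a TCP RST with `--reject-with tcp-reset`) and the kernel surfaces that as an errno on the socket. The loopback demonstration stands in for a real firewall: a listening port gives "open", the same port after the listener is closed gives the RST-driven "refused" that `--reject-with tcp-reset` also produces. The errno mapping in the comments is Linux's.

```python
"""Distinguish a REJECT from a DROP at the sending application.

Added example for this thread, not any poster's code. Linux maps the ICMP
errors a REJECT target emits onto socket errnos: port-unreachable (the
default --reject-with) and a TCP RST both become ECONNREFUSED, while
host-unreachable and admin-prohibited become EHOSTUNREACH. A DROP produces
no reply, so the only signal is the connect() timeout.
"""
import errno
import socket


def probe_tcp(host, port, timeout=2.0):
    """Try one TCP connect and classify how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        # No SYN-ACK, no RST, no ICMP: the DROP (or a dead host) case.
        return "dropped"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            # TCP RST, or ICMP port-unreachable from "-j REJECT".
            return "refused"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            # ICMP host/net-unreachable or admin-prohibited from a router
            # or from "-j REJECT --reject-with icmp-host-prohibited".
            return "unreachable"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def demo_open_vs_refused():
    """Loopback demonstration, no firewall needed (constructed for this example).

    Returns the outcome against a listening port and against the same port
    once nothing listens there any more.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free one
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_open_vs_refused())   # ('open', 'refused') on a normal host
```

A sender that cares about the difference should treat "refused" and "unreachable" as an immediate, attributable answer from the network path and "dropped" as the absence of one, and should keep the timeout short: a REJECT gives the application something to act on within one round trip, a DROP gives it nothing until the timer fires.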