[Gllug] alternative to ETH_P_ALL
Chris Bell
chrisbell at overview.demon.co.uk
Thu Nov 11 09:02:23 UTC 2004
On Thu 11 Nov, Ian Norton wrote:
>
> Hi folks,
>
> Im hoping there is a network hacker lurking..
>
> Basically im writing a kernel module, I want to munge some/all of the network
> traffic going directly to and from my box,
>
> if i register a packet handler under ETH_P_IP i only get incoming IP datagrams
> and not any generated locally, using ETH_P_ALL instead 'does' give me all in
> and outbound datagrams but also gives me stuff like ARP or IPX which I really
> really dont want.
>
> any suggestions for grabbing outgoing IP datagrams locally without having to
> patch existing code?
>
> Ian
>
>
I have not done much with firewall rule generation software, but as I was
trying in every case to specify the source and destination routes, but only
to insert a few minimal rules in a specific order, I simply wrote a set of
rules using iptables commands, placed them in an executable file, and called
that file before any of the interfaces were brought up. Both input and
output interfaces can be specified where relevant in any rule on any table,
including the three built-in permanent chains. It appears to be functioning
correctly, but I have only just started full testing.
I am using a separate 486/66 box with 16MB RAM and just over 500MB hard
disc, although I increased the RAM to 32MB while I installed a minimal
Debian Sarge. The BIOS could not boot from CD on its own, so I removed the
CD drive and did a full network installation from the boot, root, and
network driver floppies. There is no need to modify the kernel,
netfilter/iptables does it all.
Bridge-utils also "just works" with two or more interfaces and about 3-4
lines of set-up, giving an unseen transparent bridge with filtering
capabilities.
--
Chris Bell
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list