[Gllug] alternative to ETH_P_ALL

Ian Norton,Small,no,yes bredroll at darkspace.org.uk
Thu Nov 11 09:27:39 UTC 2004 

On Thu, Nov 11, 2004 at 10:02:23AM +0100, Chris Bell wrote:
> On Thu 11 Nov, Ian Norton wrote:
> > 
> > Hi folks, 
> > 
> > Im hoping there is a network hacker lurking.. 
> > 
> > Basically im writing a kernel module, I want to munge some/all of the network
> > traffic going directly to and from my box,
 
When I say 'munge' I mean I want to change the content of packet
payloads, basically implementing a new protocol at the same layer as
TCP/UDP/ICMP etc. And I'm doing this in kernel space.

> > if i register a packet handler under ETH_P_IP i only get incoming IP datagrams
> > and not any generated locally, using ETH_P_ALL instead 'does' give me all in
> > and outbound datagrams but also gives me stuff like ARP or IPX which I really
> > really dont want.
> > 
> > any suggestions for grabbing outgoing IP datagrams locally without having to
> > patch existing code?
> > 
> > Ian 
> 
>    I have not done much with firewall rule generation software, but as I was
> trying in every case to specify the source and destination routes, but only
> to insert a few minimal rules in a specific order, I simply wrote a set of
> rules using iptables commands, placed them in an executable file, and called
> that file before any of the interfaces were brought up. Both input and
> output interfaces can be specified where relevant in any rule on any table,
> including the three built-in permanent chains. It appears to be functioning
> correctly, but I have only just started full testing.

I was thinking of using the netfilter hooks, Im looking now at just
testing each skbuff i'm given and ignoring non IP ones,

>    Bridge-utils also "just works" with two or more interfaces and about 3-4
> lines of set-up, giving an unseen transparent bridge with filtering
> capabilities.

I've heard that the bridge code is only as good as the network drivers
it is using, I myself had all up to 2.4.24 reboot after about 40 mins of
high level traffic over the bridge. (using 2 rtl8139 cards)

Ian
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list