I need to query existing rules, as well as being able to easily add and delete rules. I haven't found any APIs for doing this. Is there something that I'm missing?
The closest I've come to a solution is using iptables-save | iptables-xml for querying, and manually calling the iptables command itself to add/delete rules. Another solution...
How can I compile multiple files (files calling functions in other files) in a kernel module?
...
I am writing a kernel module which registers a netfilter hook. I am trying to get the IP address of the caller by using the sk_buff->saddr member. Is there a way I can get the IP in human-readable, i.e. x.x.x.x, format?
I found the function inet_ntop() but it doesn't seem to be available in kernel headers. How do I convert \xC0\xA8\x00\x...
Hello, I am writing a kernel module which registers a hook with netfilter. The handler is not being called if I ssh/telnet into the machine where the module is loaded.
struct nf_hook_ops my_hook_ops;
my_hook_ops.hook = hook_handler;
my_hook_ops.pf = PF_INET;
my_hook_ops.hooknum = NF_INET_PRE_ROUTING;
my_hook_ops.priority = NF_IP_PRI_F...
Hi,
I need to steal some SKBs in my NetFilter hook, and retain them for some time.
Is there a limit in the kernel on how many SKBs I can use at a time?
What are the consequences of having some 100,000 or even more SKBs held in my kernel module?
I could avoid copying my packets two times if I can have many, many SKBs.
Regards,
Denes
...
I want to write a Linux 2.6 netfilter module which can check the incoming IP packet information, such as dest-ip and source-ip, and then pass this information to a user space app. That app (a socket app, I think) will handle this information as soon as the packet reaches the hooks.
I want to try two ways:
1, inside the netfilter module, ma...
Hey guys,
I'm working on a netfilter module that modifies TCP ack behavior and I am having some trouble with crashes. I think my problem is that I don't fully understand the netfilter architecture (and maybe the kernel in general, I'm pretty new to this). I have two main questions:
1.) Using kmalloc with the GFP_KERNEL flag seems to ca...
Hello all,
How can we create a table of IP addresses for NetFilter?
I would like to do so, just like the table directive of PacketFilter.
Thank you for any help.
...
Let's say I have intercepted a packet from Netfilter and subsequently returned NF_STOLEN. At some point I want to re-inject that packet back to, in this case, the TCP stream it came from. I want to do this from Kernel space. So far I have been unable to find a way to do this. Thanks for the help.
...
Hello. Please forgive me if the question was asked before.
After some research on netfilter there are a few loose ends that I can't comprehend.
Where is the memory of the queue, and how is it being handled?
When you are using the queue, is it being copied to userspace or do you map the memory, and how does it influence the system perfo...
Where can I find the kernel including netfilter/iptables?
Can I assume most phones on the market have netfilter included within their kernels?
...
I want to forward packets with netfilter, so I want to get some C demos to get started, thanks.
...