How can I get these packets in the user space application?
Ravi Kumar
ravivsn at rocsys.com
Thu Dec 9 14:34:01 CET 2004
Srinivas,
You can use libipq library to get packets in user space and can also
give verdicts. snort_inline uses this method to get packets to IDS
engine which works in user space.
Regards,
-Ravi
Srinivas G. wrote:
>>On Wed, 8 Dec 2004, Srinivas G. wrote:
>>
>>
>>>My question is: How can I get these packets in the user space
>>>application?
>>
>>Depends on what you want to do with the packet. If you intend to have
>
> them
>
>>returned back to the kernel then QUEUE is the best action.
>>
>>If you only want to have them sent to userspace then a more lean
>
> design
>
>>may be desireable.
>>
>>Regards
>>Henrik
>
>
> Dear Henrik,
>
> Actually I am new to network device drivers. Please spend some time to
> read this mail.
>
> Actually I need to send the packets to user space and then in the user
> space I need to do some calculations on the packet data and then I want
> to send the packet back to kernel space.
>
> According to Mr. Ravi Kumar from rocsys.com there is a performance issue
> in moving packets from kernel space to user space and then back to
> kernel space. Even though, I need to transmit the packets from kernel to
> user space and back to kernel space.
>
> I have gone through the documents that are available in the
> netfilter.org.
> Especially I read the netfilter-hacking-HOWTO-4.html document which
> explains about iptables, NAT and netfilter. I mainly concentrated on
> netfilter driver. My understanding is as follows.
>
> I send the sample code in the previous mail to you.
>
> I understood that queue the packet for user space handling. Finally we
> can issue 'nf_reinject' to send the packet into the network path again.
>
> I understood the some of the concepts about 'setsockopt' mechanism in
> the netfilter driver which is useful for processing the user space
> commands in the kernel.
>
> I understood the topics from the following link.
> http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO-4.
> html
>
> ---------
> My doubt is: How the user application can get the packet from the 'hook'
> function? What APIs are used in the user space application to access the
> packet from the hook function?
>
> Thanks and regards,
> Srinivas G
>
>
More information about the netfilter-devel
mailing list