Netfilter virtual driver

Yu Zhiguo yuzg at nanjing-fnst.com
Fri Sep 23 07:48:52 CEST 2005 

Hello:

I think you can use netfilter and netlink socket to solve the problem, and you'd better to make you own code.

the method is like ip_queue but you can control more easily:

kernel: 
            -------------------------------------                                  user:
            |    register netfilter hook function     |  
            -------------------------------------  
                                         |
                                         |
             -------------------------------------   ask for packets       --------------------------------
            |                                                      |   <------------------- |                                               |
            |    create a netlink socket                |                                   |    create a netlink socket         |
            |                                                      |  ------------------->  |                                               | 
            -------------------------------------    then send packets    --------------------------------
                                                                                                                               |
                                                                                                                               |
                                                                                                      --------------------------------
                                                                                                      |         deal with the packets      |
                                                                                                      --------------------------------                              


now you can monitor the network in real time.


                                                                     
----- Original Message ----- 

> Dear All,
> 
>    I want to build a application to monitor the network traffic in real 
> time and It is designed as shown bellow:
>         1. In kernel space, I build a virtual character driver  and hook 
> to Netfilter  to capture all packets traffic via my network.
>         2. On user space, my application handles all packet that was 
> captured by my driver.
>                     -----------------------------------------------
>                     |    User space - My Application        |
>                     -----------------------------------------------
>                                /\                           /\
>                                ||                            ||
>                                \/                           \/
>                     -----------------------------------------------
>                     |   Kernel space - My Virtual Driver  |
>                     -----------------------------------------------
> 
>             and my question is:
> 
>                 a. How can I put all packets  is captured by my virtual  
> driver in kernel space to my application on user space?
>                 b. Does my approach can solve by using ip_queue 
> mechanism?  So, if  I use ip_queue mechanism is base on iptables modules 
> and iptables is stopped, then we can not monitor packet. it is right?
>                 c. Should I use libpcap to do it?
>                 c. Does it exist any open source application base on 
> netfilter and do the same my thesis, could you show it for me reference?
> 
>         Would you please help me understand it and tell me your 
> comments/suggestion. Thank you very much and appreciate it for help.
>                
> Best Regards,
> Nhanle
>

More information about the netfilter-devel mailing list