netfilter_queue: how to obtain address info from queued packet
Michal Martinek
michal.martinek at siemens.com
Tue Jan 23 12:53:48 CET 2007
Cedric Blancher wrote:
> On Tuesday, 23 January 2007 at 11:18 +0100, Michal Martinek wrote:
>>> Do you know the STRING module ?
>> I'm afraid not. Can you give me some explanation (or link)?
>
> http://www.google.com/search?q=netfilter+string
>
> By the way, string match is completely irrelevant to your question as it
> would allow you to match a given packet with a fixed already known
> value, not to extract a value you don't know from the packet.
>
> What you want to achieve is a conntrack helper. You can have a look at
> existing ones, such as ip_conntrack_ftp, ip_conntrack_irc, etc. You could
> also use QUEUE target to do the job in userland.

Thanks for the help. I've already written a userspace packet analyzer
acting as an NFQUEUE target, but the problem is that not all of the
packets I'd like to handle (mostly drop) are recognizable. It is a video
stream, in which I can detect only some "key packets", but the rest
remains unclear.

The easiest would be (at least I think) to drop everything on the port
where I've detected those "key packets". But I don't know how to obtain
the port number inside the (NF)QUEUE handler.

Do you think that a conntrack helper will help me with it?
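
On the port question raised in this message, as an added example that is not part of the original post or of the netfilter code: the packet buffer a queue handler receives starts at the IP header, so the addresses and ports can be read from it and from the transport header that follows. `parse_flow`, `struct flow` and the sample packet are constructed for illustration; IPv4 carrying TCP or UDP is assumed.

```c
#include <stdint.h>
#include <stdio.h>

struct flow {
    uint32_t saddr, daddr;   /* IPv4 addresses, host byte order */
    uint16_t sport, dport;   /* ports, host byte order */
    uint8_t  proto;          /* 6 = TCP, 17 = UDP */
};

/* Big-endian loads that do not depend on buffer alignment. */
static uint16_t be16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const unsigned char *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* pkt/len: buffer starting at the IPv4 header, as handed to a queue handler.
 * Returns 0 on success, -1 if the packet is truncated, not IPv4, not TCP/UDP,
 * or a non-first fragment (which carries no transport header). */
int parse_flow(const unsigned char *pkt, int len, struct flow *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    int ihl = (pkt[0] & 0x0f) * 4;       /* header length including options */
    if (ihl < 20 || len < ihl + 4)       /* ports are the first 4 L4 bytes */
        return -1;
    if (be16(pkt + 6) & 0x1fff)          /* fragment offset != 0 */
        return -1;
    out->proto = pkt[9];
    if (out->proto != 6 && out->proto != 17)
        return -1;
    out->saddr = be32(pkt + 12);
    out->daddr = be32(pkt + 16);
    out->sport = be16(pkt + ihl);        /* offset by ihl, not a fixed 20 */
    out->dport = be16(pkt + ihl + 2);
    return 0;
}

/* Constructed sample: UDP 192.0.2.10:40000 -> 198.51.100.7:5004,
 * with one IP option word so the IP header is 24 bytes long. */
static const unsigned char sample_pkt[] = {
    0x46,0x00,0x00,0x20, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,10, 198,51,100,7, 0x01,0x01,0x00,0x00,
    0x9c,0x40, 0x13,0x8c, 0x00,0x08, 0x00,0x00
};

int main(void)
{
    struct flow f;
    if (parse_flow(sample_pkt, (int)sizeof sample_pkt, &f) == 0)
        printf("proto %u sport %u dport %u\n", f.proto, f.sport, f.dport);
    return 0;
}
```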