From: Pablo Neira <pablo@eurodev.net>
To: andrej@paradise.net.nz, netfilter-devel@lists.netfilter.org
Subject: Re: How/where does the kernel map packets to an application ...
Date: Thu, 15 Jan 2004 00:48:04 +0100
Message-ID: <4005D534.9050401@eurodev.net>
In-Reply-To: <200401150910.32898.andrej@paradise.net.nz>

Hi Andrei,

Andrej Ricnik wrote:

>Hi Guys,
>
>and sorry for asking this here, I'm aware of the fact that
>this isn't quite the right list to do so, in fact, I don't even
>know how to word my question properly, so please bear
>with me.
>
>Since you're pretty close to what I suspect to be the right
>layer to be looking at I hope someone might understand
>what I'm on about :)
>
>My idea is to write an addition to netfilter that will check 
>the originating application of an IP request against a list
>of allowed files, and if I handle that well enough, integrate
>a roster of user/application to check whether a request is
>legal or not.
>
>My question is:
>At which point does the kernel determine which application
>an incoming packet is meant for?
>

Actually, netfilter can't know which application that packet is coming
for, because it works in the network/transport layer (levels 3/4 of the OSI
model); I mean that netfilter can only manage data packets (they are
contained in a network buffer, see the structure skbuff). What you want to
do is packet filtering from the application layer.

> Imagine one user having
>mozilla and opera open, using both for browsing. Another
>user having a links session in a console. How does the
>kernel determine which application is meant to receive
>an incoming packet on port 80? I hope that once I
>understand how this works I could for instance use lsof or a
>tool the like to intercept illegal requests by matching
>against application name/path ...
>
If it's only web traffic, it would be a good idea to perform the
filtering via a proxy.

cheers,
Pablo
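
As an added illustration (not part of this thread or of netfilter), here is the userspace side of the mapping Pablo says netfilter cannot do: a flow's 4-tuple, which is all the layer-3/4 hooks see, is matched against /proc/net/tcp to get the socket inode, and the inode against /proc/<pid>/fd to get the process, which is how lsof does it. It assumes Linux's /proc layout and a little-endian host; the /proc/net/tcp sample is constructed.

```python
"""Map a TCP 4-tuple (all netfilter sees) to the owning process (which it can't
see), as lsof does: /proc/net/tcp -> socket inode, /proc/<pid>/fd -> pid."""
import os
import socket
import struct
# Constructed sample of /proc/net/tcp; not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D2F4 22D8B85D:0050 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""

def _hex_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); the IPv4 part is the kernel's
    in-memory 32-bit value, so it reads byte-reversed on little-endian hosts."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (local, remote, state, uid, inode) for each socket row."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:
            yield _hex_addr(f[1]), _hex_addr(f[2]), int(f[3], 16), int(f[7]), int(f[9])

def inode_for_flow(text, local, remote):
    """Socket lookup: the (local, remote) address pair selects one socket inode."""
    for loc, rem, _state, _uid, inode in parse_proc_net_tcp(text):
        if loc == local and rem == remote:
            return inode
    return None

def pid_for_inode(inode, fd_links):
    """fd_links: {pid: [link targets of /proc/<pid>/fd/*]}, e.g. 'socket:[67890]'."""
    want = "socket:[%d]" % inode
    for pid, targets in fd_links.items():
        if want in targets:
            return pid
    return None

def scan_proc_fd():
    """Read /proc/<pid>/fd for every readable process (Linux only; unprivileged users see only their own)."""
    links = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            links[int(pid)] = [os.readlink("/proc/%s/fd/%s" % (pid, fd))
                               for fd in os.listdir("/proc/%s/fd" % pid)]
        except OSError:
            continue
    return links
```

On a live host, `pid_for_inode(inode_for_flow(open("/proc/net/tcp").read(), local, remote), scan_proc_fd())` gives the pid, and `/proc/<pid>/exe` gives the application path the original question wanted to match against.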
