* How/where does the kernel map packets to an application ...
@ 2004-01-14 20:10 Andrej Ricnik
2004-01-14 23:48 ` Pablo Neira
2004-01-15 7:10 ` Henrik Nordstrom
0 siblings, 2 replies; 4+ messages in thread
From: Andrej Ricnik @ 2004-01-14 20:10 UTC (permalink / raw)
To: netfilter-devel
Hi Guys,
and sorry for asking this here, I'm aware of the fact that
this isn't quite the right list to do so, in fact, I don't even
know how to word my question properly, so please bear
with me.
Since you're pretty close to what I suspect to be the right
layer to be looking at I hope someone might understand
what I'm on about :)
My idea is to write an addition to netfilter that will check
the originating application of an IP request against a list
of allowed files, and if I handle that well enough, integrate
a roster of user/application to check whether a request is
legal or not.
My question is:
At which point does the kernel determine which application
a incoming packet is meant for? Imagine one user having
mozilla and opera open, using both for browsing. Another
user having a links session in a console. How does the
kernel determine which application is meant to receive
a incoming packet on port 80? I hope that once I under-
stand how this works I could for instance use lsof or a
tool the like to intercept illegal requests by matching
against application name/path ...
If this is a FAQ, or just plain stupid, please throw me a
link to appropriate documentation.
Thanks in advance, and thanks for your patience,
Cheers,
Tink
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How/where does the kernel map packets to an application ...
2004-01-14 20:10 How/where does the kernel map packets to an application Andrej Ricnik
@ 2004-01-14 23:48 ` Pablo Neira
2004-01-15 7:10 ` Henrik Nordstrom
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira @ 2004-01-14 23:48 UTC (permalink / raw)
To: andrej, netfilter-devel
Hi Andrei,
Andrej Ricnik wrote:
>Hi Guys,
>
>and sorry for asking this here, I'm aware of the fact that
>this isn't quite the right list to do so, in fact, I don't even
>know how to word my question properly, so please bear
>with me.
>
>Since you're pretty close to what I suspect to be the right
>layer to be looking at I hope someone might understand
>what I'm on about :)
>
>My idea is to write an addition to netfilter that will check
>the originating application of an IP request against a list
>of allowed files, and if I handle that well enough, integrate
>a roster of user/application to check whether a request is
>legal or not.
>
>My question is:
>At which point does the kernel determine which application
>a incoming packet is meant for?
>
Actually, netfilter can't know for which application is that packet
coming for, because it works in the network/transport (level 3/4 of OSI
model) layer, I mean that netfilter can only manages data packets (they
are contained in a network buffer, see the structure skbuff). What you
want do is packet filtering from the application layer.
> Imagine one user having
>mozilla and opera open, using both for browsing. Another
>user having a links session in a console. How does the
>kernel determine which application is meant to receive
>a incoming packet on port 80? I hope that once I under-
>stand how this works I could for instance use lsof or a
>tool the like to intercept illegal requests by matching
>against application name/path ...
>
if it's only web traffic, it will be a good idea performing the
filtering via proxy.
cheers,
Pablo
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How/where does the kernel map packets to an application ...
2004-01-14 20:10 How/where does the kernel map packets to an application Andrej Ricnik
2004-01-14 23:48 ` Pablo Neira
@ 2004-01-15 7:10 ` Henrik Nordstrom
2004-01-15 19:34 ` Martin Josefsson
1 sibling, 1 reply; 4+ messages in thread
From: Henrik Nordstrom @ 2004-01-15 7:10 UTC (permalink / raw)
To: Andrej Ricnik; +Cc: netfilter-devel
On Thu, 15 Jan 2004, Andrej Ricnik wrote:
> My idea is to write an addition to netfilter that will check
> the originating application of an IP request against a list
> of allowed files, and if I handle that well enough, integrate
> a roster of user/application to check whether a request is
> legal or not.
Doesn't this exists already.. checking. You should be able to use the
owner match for this purpose.
> At which point does the kernel determine which application
> a incoming packet is meant for?
Ah, incoming packets. Then the situation is a little harder. The owner
match only works on outgoing packets.
> Imagine one user having mozilla and opera open, using both for browsing.
> Another user having a links session in a console.
For this, matching outgoing packets is sufficient. Allows you to control
which applications are allowed to initiate sessions to the network.
For incoming packets you use conntrack to allow only packets belonging to
sessions accepted above.
> How does the kernel determine which application is meant to receive a
> incoming packet on port 80?
By the socket the packet belongs to. Known to iptables on outgoing
packets, but on incoming packets the socket is not yet known as this
is determined by the TCP/UDP layers which are after iptables.
Regards
Henrik
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-01-15 19:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-14 20:10 How/where does the kernel map packets to an application Andrej Ricnik
2004-01-14 23:48 ` Pablo Neira
2004-01-15 7:10 ` Henrik Nordstrom
2004-01-15 19:34 ` Martin Josefsson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.