* [libipq] owner of packet, possible patch
@ 2007-03-06 15:39 Jack Bauer
  2007-03-06 15:51 ` Eric Leblond
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Jack Bauer @ 2007-03-06 15:39 UTC (permalink / raw)
  To: netfilter

Hi,

I'm a student in computer science and for my master's thesis I have to
handle packets in a userspace queue. Libipq works fine for me, except
for one piece of information which is missing: the owner of a
(transmitted) packet.

With the following two additional lines, the problem seems to be solved:

in file
   include/linux/netfilter_ipv4/ip_queue.h
in
   typedef struct ipq_packet_msg_t
line 33 add:

        unsigned int uid;               /* uid of packet owner*/
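
Review bot: the new uid member changes the size and layout of
ipq_packet_msg_t, the message structure that userspace receives, so a
program built against the old header would misread messages from a
patched kernel. Say where in the struct the field lands and how
compatibility with existing libipq users is kept, and document in the
comment what value uid holds when a packet has no owner.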


in file
   net/ipv4/netfilter/ip_queue.c
line 249 add:

        pmsg->uid             = entry->skb->sk->sk_socket->file->f_uid;
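
Review bot: the right-hand side follows entry->skb->sk, sk->sk_socket
and sk_socket->file without checking any of them, so a queued packet
that has no local socket attached (or a socket with no file) makes this
line dereference a NULL pointer in the kernel. Test each pointer before
reading f_uid and store a defined "no owner" value in pmsg->uid when
one is missing.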


Initial tests have been successful and are showing the correct uid in
ipq_packet_msg_t in userspace. Please tell me what you think about
this modification.

Since I found some other people who are looking for the same
information, I wonder if there is a possibility to include the uid
field officially in the source of netfilter?!

Regards,
Jack



* Re: [libipq] owner of packet, possible patch
  2007-03-06 15:39 [libipq] owner of packet, possible patch Jack Bauer
@ 2007-03-06 15:51 ` Eric Leblond
  2007-03-06 18:17   ` TheGesus
  2007-03-07 13:42 ` Georgi Alexandrov
  2007-03-07 13:56 ` Eric Leblond
  2 siblings, 1 reply; 6+ messages in thread
From: Eric Leblond @ 2007-03-06 15:51 UTC (permalink / raw)
  To: Jack Bauer; +Cc: netfilter

On Tuesday, 06 March 2007 at 16:39 +0100, Jack Bauer wrote:
> Hi,
> 
> I'm a student in computer science and for my master's thesis I have to
> handle packets in a userspace queue. Libipq works fine for me, except
> for one piece of information which is missing: the owner of a
> (transmitted) packet.

ipqueue is deprecated in favor of libnetfilter_queue and I'm quite sure
that no new functionalities will be pushed to upstream. You may try to
port this to libnetfilter_queue and send your patch to netfilter-devel.

> With the following two additional lines, the problem seems to be solved:
> 
> in file
>    include/linux/netfilter_ipv4/ip_queue.h
> in
>    typedef struct ipq_packet_msg_t
> line 33 add:
> 
>         unsigned int uid;               /* uid of packet owner*/
> 
> 
> in file
>    net/ipv4/netfilter/ip_queue.c
> line 249 add:
> 
>         pmsg->uid             = entry->skb->sk->sk_socket->file->f_uid;

I don't think this information will be available for non-local packets
(What happens if you queue a packet in the FORWARD chain?). You need at
least to protect the assignment.

> Initial tests have been successful and are showing the correct uid in
> ipq_packet_msg_t in userspace. Please tell me what you think about
> this modification.
> 
> Since I found some other people who are looking for the same
> information, I wonder if there is a possibility to include the uid
> field officially in the source of netfilter?!

Don't think so.

BR,
-- 
Eric Leblond <eric@inl.fr>
INL


* Re: [libipq] owner of packet, possible patch
  2007-03-06 15:51 ` Eric Leblond
@ 2007-03-06 18:17   ` TheGesus
  2007-03-07 14:46     ` Sebastien Tricaud
  0 siblings, 1 reply; 6+ messages in thread
From: TheGesus @ 2007-03-06 18:17 UTC (permalink / raw)
  To: Eric Leblond; +Cc: netfilter

On 3/6/07, Eric Leblond <eric@inl.fr> wrote:

> ipqueue is deprecated in favor of libnetfilter_queue ...

Oddly, our friends over at SourceFire are still using libipq for snort
inline for some unknown reason.

You should drop them a note on this subject and let them know the
error of their ways.  I'm sure they'd appreciate it.

While you're at it maybe you can convince them to stop linking against
that ancient version of libnet they're so fond of.



* Re: [libipq] owner of packet, possible patch
  2007-03-06 15:39 [libipq] owner of packet, possible patch Jack Bauer
  2007-03-06 15:51 ` Eric Leblond
@ 2007-03-07 13:42 ` Georgi Alexandrov
  2007-03-07 13:56 ` Eric Leblond
  2 siblings, 0 replies; 6+ messages in thread
From: Georgi Alexandrov @ 2007-03-07 13:42 UTC (permalink / raw)
  To: Jack Bauer; +Cc: netfilter

Jack Bauer wrote:
> Hi,
> 
> I'm a student in computer science and for my master's thesis I have to
> handle packets in a userspace queue. Libipq works fine for me, except
> for one piece of information which is missing: the owner of a
> (transmitted) packet.
> 
> With the following two additional lines, the problem seems to be solved:
<snip*>

http://iptables-tutorial.frozentux.net/iptables-tutorial.html#OWNERMATCH

That was implemented a long time ago.

-- 
regards,
Georgi Alexandrov

key server - pgp.mit.edu :: key id - 0x37B4B3EE
Key fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE



* Re: [libipq] owner of packet, possible patch
  2007-03-06 15:39 [libipq] owner of packet, possible patch Jack Bauer
  2007-03-06 15:51 ` Eric Leblond
  2007-03-07 13:42 ` Georgi Alexandrov
@ 2007-03-07 13:56 ` Eric Leblond
  2 siblings, 0 replies; 6+ messages in thread
From: Eric Leblond @ 2007-03-07 13:56 UTC (permalink / raw)
  To: Jack Bauer; +Cc: netfilter

> Hi,
>
> I'm a student in computer science and for my master's thesis I have to
> handle packets in a userspace queue. Libipq works fine for me, except
> for one piece of information which is missing: the owner of a
> (transmitted) packet.

You may find some interest in

http://people.mandriva.com/~sbellabes/cn_net/

It implements a new approach of local firewalling.

BR,
--
Regit

>
> With the following two additional lines, the problem seems to be solved:
>
> in file
>    include/linux/netfilter_ipv4/ip_queue.h
> in
>    typedef struct ipq_packet_msg_t
> line 33 add:
>
>         unsigned int uid;               /* uid of packet owner*/
>
>
> in file
>    net/ipv4/netfilter/ip_queue.c
> line 249 add:
>
>         pmsg->uid             = entry->skb->sk->sk_socket->file->f_uid;
>
>
> Initial tests have been successful and are showing the correct uid in
> ipq_packet_msg_t in userspace. Please tell me what you think about
> this modification.
>
> Since I found some other people who are looking for the same
> information, I wonder if there is a possibility to include the uid
> field officially in the source of netfilter?!
>
> Regards,
> Jack
>
>





* Re: [libipq] owner of packet, possible patch
  2007-03-06 18:17   ` TheGesus
@ 2007-03-07 14:46     ` Sebastien Tricaud
  0 siblings, 0 replies; 6+ messages in thread
From: Sebastien Tricaud @ 2007-03-07 14:46 UTC (permalink / raw)
  To: TheGesus; +Cc: netfilter, Eric Leblond

TheGesus wrote:
> On 3/6/07, Eric Leblond <eric@inl.fr> wrote:
>
>> ipqueue is deprecated in favor of libnetfilter_queue ...
>
> Oddly, our friends over at SourceFire are still using libipq for snort
> inline for some unknown reason.
> You should drop them a note on this subject and let them know the
> error of their ways.  I'm sure they'd appreciate it.

This is a total lack of knowledge from your side. Please go to the
following URL :

http://prdownloads.sourceforge.net/snort-inline/snort_inline-2.6.1.2-BETA1.tar.gz?download

Extract source code and grep for libnetfilter_queue inside. You will
find they are using it.

>
> While you're at it maybe you can convince them to stop linking against
> that ancient version of libnet they're so fond of.
>

There might be a reason you are not aware of. Why don't you ask them ?



Love,
Sebastien.


----
Feel like being nice?
Insultron v.2! http://www.nospoon.org/misc/insultron2.html


