From: Alexandru Gheorghe <alghe.global@gmail.com>
To: netfilter@vger.kernel.org
Subject: LKM with hook that catches iptables hits
Date: Wed, 25 Jun 2014 10:37:36 +0300
Message-ID: <53AA7C40.2010707@gmail.com>

Hi guys. I am trying to think of an LKM which could have a general hook
in the sense that whatever iptables defines from user space this hook
will catch when a rule is hit (every rule) and will log it (KERN_INFO).

I do not want to define an NFLOG for each rule (that will be tedious,
especially in a machine dedicated as a firewall for example). Is this
even possible?

The general purpose is to have a method of tracking all packets in order
to see what chains/rules are hit.

This will make it possible to observe the routes some packets travel when
they travel the firewall's layout. The kernel is a 2.6.32.x one.


Thank you for any feedback or input, gratefully appreciated.
-- 
; Alexandru Gheorghe
; alghe.global {at} gmail {dot} com
; OpenPGP key ID 0xCAF985D2

