Linux Netfilter discussions
From: Rayed Alrashed <rayed@saudi.net.sa>
To: Alex <alex@hackgod.org>
Cc: netfilter@lists.netfilter.org
Subject: Re: Forking inside netfilter queue
Date: Thu, 03 May 2007 21:39:48 +0300
Message-ID: <463A2C74.90401@saudi.net.sa>
In-Reply-To: <13098.213.106.233.77.1178214500.squirrel@xeentech.com>

>
> If you were to do this with the queue lib, then you'd actually have to
> either let the client establish the connection OR fake that the connection
> was established, before you get the HTTP request to rule on.
>

Of course! I want my application to be totally transparent to the 
client. The client will use a regular browser without any proxy, and I 
won't inspect TCP handshake packets, only packets that look like an HTTP 
request.

> Also keep in mind that the servers/client might want to do a Keep-alive or
> long lived HTTP session, with multiple HTTP requests. Keeping track of
> that, from an NFNetlink/Queue based interface would be hectic.
>
According to my tests and observations, most HTTP requests reside in a 
single packet; for requests that span more than one packet, I'll start 
tracking the session when I get a packet that looks like the beginning 
of an HTTP request, and stop when I get the "Host" header.

For example:
3rd packet: "GET /ver_long_uri\r\n"
It looks like the start of an HTTP request, start tracking.

4th packet: "Host: ad-ware.domain\r\n\r\n"
I have URI+HOST, stop tracking.

In this case I won't have to keep track of the whole TCP session, only 
what I need to get the URI and HOST.

This will allow me to process more packets with minimal session tracking.
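The two-packet case described in the message above, as an added example that is not code from the thread or from Rayed's tool: a pure-Python sketch of the minimal tracking he describes (buffer a flow only from a payload that looks like a request line, and only until the Host header or the end of the headers), fed constructed TCP payloads instead of packets read from an NFQUEUE socket. The flow key, BLOCKED_HOSTS, MAX_TRACKED and SAMPLE_PACKETS are assumptions made for illustration.

```python
import re

# Constructed patterns (not from the thread).  The request line may omit the
# HTTP version, as the thread's "GET /ver_long_uri\r\n" example does.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+)(?: HTTP/1\.[01])?\r\n")
HOST_HEADER = re.compile(rb"\r\nHost:[ \t]*([^\r\n]*)\r\n", re.IGNORECASE)
METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}
MAX_TRACKED = 8192  # hypothetical cap: stop buffering a flow that never sends Host
BLOCKED_HOSTS = {"ad-ware.domain"}  # constructed blocklist for the demo


def looks_like_request_start(payload):
    """True if the payload begins with a known method followed by a space."""
    method, sep, _ = payload.partition(b" ")
    return sep == b" " and method in METHODS


class HttpRequestTracker:
    """Per-flow state exists only between a request-line-looking payload and
    the Host header (or end of headers); all other packets keep no state."""

    def __init__(self):
        self.pending = {}  # flow key -> request bytes buffered so far

    def feed(self, flow, payload):
        """Feed one TCP payload for flow (an assumed (src, sport, dst, dport)).
        Returns (uri, host) once both are known, (uri, None) if the headers
        ended without a Host header, or None while nothing is decided."""
        buf = self.pending.pop(flow, None)
        if buf is None:
            if not looks_like_request_start(payload):
                return None  # not a request start: nothing to track
            buf = b""
        buf += payload
        m = REQUEST_LINE.match(buf)
        if m is None:
            # Request line still incomplete (no CRLF yet): keep waiting.  A CRLF
            # that arrived without a match means this was not an HTTP request.
            if b"\r\n" not in buf and len(buf) <= MAX_TRACKED:
                self.pending[flow] = buf
            return None
        uri = m.group(2).decode("ascii", "replace")
        h = HOST_HEADER.search(buf)  # searches the whole buffer, so a Host
        if h is not None:            # header split across packets still matches
            return uri, h.group(1).strip().decode("ascii", "replace")
        if b"\r\n\r\n" in buf:
            return uri, None  # headers finished without Host (HTTP/1.0 style)
        if len(buf) <= MAX_TRACKED:
            self.pending[flow] = buf
        return None


def verdict(result):
    """Map the tracker's result to an NFQUEUE-style verdict name."""
    if result is None:
        return "ACCEPT"  # nothing decided yet; let the packet through
    uri, host = result
    if host is not None and host.lower().split(":")[0] in BLOCKED_HOSTS:
        return "DROP"
    return "ACCEPT"


def run(packets):
    """packets: list of (flow, payload) in arrival order; one verdict each."""
    tracker = HttpRequestTracker()
    return [verdict(tracker.feed(flow, payload)) for flow, payload in packets]


# Constructed sample: handshake segments carry no payload and are not shown.
SAMPLE_PACKETS = [
    (("10.0.0.2", 40001, "198.51.100.7", 80), b"GET /ver_long_uri\r\n"),
    (("10.0.0.2", 40001, "198.51.100.7", 80), b"Host: ad-ware.domain\r\n\r\n"),
    (("10.0.0.3", 40002, "198.51.100.9", 80),
     b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    (("10.0.0.4", 40003, "198.51.100.9", 443), b"\x16\x03\x01\x00\xa5"),  # TLS
]

if __name__ == "__main__":
    for (flow, payload), v in zip(SAMPLE_PACKETS, run(SAMPLE_PACKETS)):
        print(flow[0], payload[:24], v)
```

Note the verdict is per packet, exactly as it is with a queue: the request-line segment of the first flow has already been accepted by the time the Host segment is seen, so a DROP there only stops the remainder of that request, not the bytes the server already has. The cap on buffered bytes is the other practical guard: a client that starts a request and never sends Host would otherwise pin state forever.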


Thread overview: 10+ messages
2007-04-30 13:18 Forking inside netfilter queue Rayed
2007-04-30 13:47 ` Jan Engelhardt
2007-05-01  6:30   ` Rayed
2007-05-01  8:32     ` Jan Engelhardt
2007-05-01 18:27       ` Can't get --dport to work Joel Lindsay
2007-05-01 20:28         ` Krishnamoorthy (Siva) Sivakumar
2007-05-03 15:25 ` Forking inside netfilter queue Alex
2007-05-03 19:20   ` Rayed Alrashed
2007-05-03 17:48     ` Alex
2007-05-03 18:39       ` Rayed Alrashed [this message]
