Re: netfilter_queue: how to obtain address info from queued packet

NetFilter

Re: netfilter_queue: how to obtain address info from queued packet

To:	Michal Martinek <michal.martinek@siemens.com>
Subject:	Re: netfilter_queue: how to obtain address info from queued packet
From:	Gáspár Lajos <swifty@freemail.hu>
Date:	Tue, 23 Jan 2007 12:49:11 +0100
Cc:	netfilter@lists.netfilter.org
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<45B5E630.6000305@siemens.com>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References:	<45B5DD80.70809@siemens.com> <45B5DF09.6030001@freemail.hu> <45B5E0DC.2020703@siemens.com> <45B5E321.90608@freemail.hu> <45B5E630.6000305@siemens.com>
Sender:	netfilter-bounces@lists.netfilter.org
User-agent:	Thunderbird 1.5.0.9 (Windows/20061207)

Michal Martinek írta:

Thanks, I was too fast to answer without looking into man pages:-).But this module would just save me some work with analyzing packets.The problem is that I would like to detect video stream in which I canrecognize only some "key packets". The rest is (for me)unrecongnizable and I only know that they are coming from/to the sameport.

Well... It is not really clear to me what you want... :-) (Blocking some"communication" :-) .)You can drop the whole connection when you detect for example a headerof a video stream....

This could be dangerous because you would drop some legitimate traffic too.

That is why you have to narrow your matching criterias. (eg.: addingsome rules like "-i eth0" or "-s 192.168.0.1")

An other good thing to look after is the l7 patch:

http://l7-filter.sourceforge.net/HOWTO

But there may be better solutions if you would clarify more your needs :)

Swifty

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos <= Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek

Previous by Date:	Any book for natting and wan simulation in freebsd, rajesh singh
Next by Date:	Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek
Previous by Thread:	Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek
Next by Thread:	Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher
Indexes:	[Date] [Thread] [Top] [All Lists]