Re: netfilter_queue: how to obtain address info from queued packet

To:	Cedric Blancher <blancher@cartel-securite.fr>
Subject:	Re: netfilter_queue: how to obtain address info from queued packet
From:	Michal Martinek <michal.martinek@siemens.com>
Date:	Tue, 23 Jan 2007 12:53:48 +0100
Cc:	netfilter@lists.netfilter.org
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<1169548315.4178.61.camel@anduril.intranet.cartel-securite.net>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References:	<45B5DD80.70809@siemens.com> <45B5DF09.6030001@freemail.hu> <45B5E0DC.2020703@siemens.com> <1169548315.4178.61.camel@anduril.intranet.cartel-securite.net>
Sender:	netfilter-bounces@lists.netfilter.org
User-agent:	Thunderbird 1.5 (Windows/20051201)

To:

Cedric Blancher <blancher@cartel-securite.fr>

Subject:

Re: netfilter_queue: how to obtain address info from queued packet

From:

Michal Martinek <michal.martinek@siemens.com>

Date:

Tue, 23 Jan 2007 12:53:48 +0100

Cc:

netfilter@lists.netfilter.org

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

netfilter-list1@securepoint.com

In-reply-to:

<1169548315.4178.61.camel@anduril.intranet.cartel-securite.net>

List-archive:

</pipermail/netfilter>

List-help:

<mailto:netfilter-request@lists.netfilter.org?subject=help>

List-id:

General discussion and user questions <netfilter.lists.netfilter.org>

List-post:

<mailto:netfilter@lists.netfilter.org>

List-subscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>

List-unsubscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>

References:

<45B5DD80.70809@siemens.com> <45B5DF09.6030001@freemail.hu> <45B5E0DC.2020703@siemens.com> <1169548315.4178.61.camel@anduril.intranet.cartel-securite.net>

Sender:

netfilter-bounces@lists.netfilter.org

User-agent:

Thunderbird 1.5 (Windows/20051201)



Cedric Blancher wrote:

Le mardi 23 janvier 2007 à 11:18 +0100, Michal Martinek a écrit :

Do you know the STRING module ?

I'm afraid not. Can you give me some explanation (or link)?


http://www.google.com/search?q=netfilter+string

By the way, string match is completely irrelevant to your question as it
would allow you to match a given packet with a fixed already known
value, not to extract a value you don't know from the packet.

What you want to achieve is a conntrack helper. You can have a look at
existing ones, such as ip_conntrack_ftp, ip_conntack_irc, etc. You could
also use QUEUE target to do the job in userland.

Thanks for help, I've already written some userspace packet analyzeracting as a NFQUEUE target, but the problem is, that not all of thepackets I'd like to handle (mostly drop) are recognizable. It is a videostream, in which I can detect only some "key packets", but the restremains unclear.

The easiest would be (at least I think), to drop everything on the portwhere I've detected those "key packets". But I don't know how to obtainthe port number inside the (NF)QUEUE handler.


Do you think, that conntrack helper will help me with it?

<Prev in Thread]	Current Thread	[Next in Thread>
netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek <= Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher Re: netfilter_queue: how to obtain address info from queued packet, Michal Martinek

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos
Next by Date:	Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher
Previous by Thread:	Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher
Next by Thread:	Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: netfilter_queue: how to obtain address info from queued packet, Gáspár Lajos

Next by Date:

Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher

Previous by Thread:

Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher

Next by Thread:

Re: netfilter_queue: how to obtain address info from queued packet, Cedric Blancher

Indexes:

[Date] [Thread] [Top] [All Lists]