Le mardi 23 janvier 2007 à 12:53 +0100, Michal Martinek a écrit :
> Thanks for help, I've already written some userspace packet analyzer
> acting as a NFQUEUE target, but the problem is, that not all of the
> packets I'd like to handle (mostly drop) are recognizable. It is a video
> stream, in which I can detect only some "key packets", but the rest
> remains unclear.
OK, so if I understand you correctly... You have a video stream
containing key packets you can spot. This video stream occurs on non
predictable ports.
First solution, and apologies to Gáspár, use string match to identify
your key packets. Then mark the entire connection using CONNMARK and
drop it.
Something like:
iptables -t mangle -A FORWARD -m string --string "yourmagic" \
-j CONNMARK --set-mark 0x1
iptables -A FORWARD -m connmark --mark 0x1 -j DROP
This means once you've detected a key packet, you'll drop it as well as
all further packets from the same connection.
Second solution, you write a helper. Maybe I don't quite well get your
situation, but this stream does not come from nowhere. It's ports have
to be negociated in some previous connection so your client application
can open the right port. Thus, your helper would follow this negociation
connection to identify on the fly streaming ports and block the entire
video stream.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
|