hi,
i'm writing a kernel module (2.4.19) which sits in the network stack and
listens for outgoing tcp-syn packets and drops them if they start coming too
fast (e.g. when someone is doing a tcp-syn scan from your box).
after many hours of fun in the kernel sources :) i think i've just about got
it working - except for one thing... i still can't work out how to drop
offending packets!! at the moment i'm hacking it by setting the ttl to 1 -
probably not the best solution... (but hey, it works ;) however, i would
dearly love to know how to drop a packet properly??
details:
the module's registered in init_module() like so:
testhandler.dev = dev_get_by_name("eth0");
testhandler.type = htons(ETH_P_ALL);
testhandler.func = handle_packet;
dev_add_pack(&testhandler);
in handle_packet() i've tried various things e.g. kfree_skb, skb_dequeue,
skb_unlink, ... but the packet never gets dropped. when handle_packet() gets
the sk_buff it's cloned, is this causing problems with the dropping?
i've had to do it as a module as the traffic i'm interested in is coming from
vmware virtual machines (bridge-networking) running on my box and the vmware
handler sits below the ip handler in the network stack so packets sent by it
don't traverse any netfilter hooks and so aren't seen by iptables.
thanks,
jamie
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
