-------- Original Message --------
Subject: Divert Sockets in current Linux versions?
Date: Fri, 18 Jun 2004 16:57:37 +0200
From: Juergen Nickelsen <juergen.nickelsen@netzwert.ag>
Organization: Netzwert AG, Germany
To: linux-net@vger.kernel.org
Hello all,
with some googling I found out that a kernel patch implementing divert sockets exists for Linux up to 2.2.19, but not for current versions. Is this correct? Is there perhaps any other mechanism to take packets out of the kernel IP output queue and relay them to a user process?
Regards, Juergen.
Yes, Netlink sockets are a good replacement for this mechanism. Specifically, the NETLINK_FIREWALL and NETLINK_FIREWALL6 protocols from the AF_NETLINK family will do what you want them to. These protocols allow you to open a socket in user space, intercept, and re-inject packets into the networking stack. They work in conjunction with the iptables hooks in the kernel. To use them you will need to insmod the ip_queue module, and then set up an iptables rule that filters off packets you are interested in and sends them to the QUEUE target. Any packet sent to the QUEUE target will then be received by the user space process that has the appropriate netlink socket open. There isn't much documentation on this right now (I learned how to use it by combing the kernel source), but I'm writing a whitepaper on the subject, and will post it when it's ready.
Hope that helps,
Neil
-- 
/***************************************************
 * Neil Horman
 * Software Engineer
 * Red Hat, Inc.
 * nhorman@redhat.com
 * gpg keyid: 1024D / 0x92A74FA1
 * http://www.keyserver.net
 ***************************************************/