Hi Ed W,

Thanks a lot for your reply. Do you mean userspace queues like libpcap or libnetfilter_queue? If not, please correct me.

All I need is to block the application before it establishes a connection with the net. My initial idea is, by using libpcap or libnetfilter_queue, to do packet monitoring, form iptables rules and block them. But I need to monitor each and every packet; the drawback is that before I form the iptables rules, the connection will be established by the application. As we discussed before, I then went for conntrack, and there also I failed.

Can you please help me on this.

Thanks and Regards,
Manikandan R

On 10/5/11, Ed W <lists@xxxxxxxxxxxxxx> wrote:
> On 04/10/2011 15:09, Manikandan R wrote:
>> Hi,
>> I am developing an application monitoring tool. When I went through
>> http://netfilter.org/, I came to know about the conntrack-tool, which
>> can be used for monitoring new connections.
>> I used "conntrackd" (the conntrack daemon) for monitoring the packets.
>> Using nfct_callback_register2() I am able to handle new packets also,
>> but I need to drop this packet if it is related to a particular
>> pid/process. Is there any way/API to drop packets?
>>
>
> Conntrack doesn't quite track all packets - see my previous questions
> about this...
>
> I think also if you need to examine all packets and decide their fate
> ahead of allowing them through then you need to look at userspace queue
> stuff?
>
> Note you can set up some extremely clever filtering using iptables. That
> has the ability to filter based on local user id, possibly process id,
> and also your app can set firewall marks on each packet that can be
> easily filtered on later?
>
> Good luck
>
> Ed E
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
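The approach Ed W sketches (filter on the local user id in iptables and hand packets to a userspace queue so their fate is decided before they leave the host) looks like this as an iptables rule set. This is an added example written for this page, not code from either poster; it assumes iptables with the owner and conntrack matches and the NFQUEUE target, and the chain, function and variable names are hypothetical. The default dry-run mode only prints the commands, so it can be read and checked without root.

```sh
#!/bin/sh
# Added example (not from the thread): queue the first packet of every new
# outbound flow owned by one local uid to an NFQUEUE, so a userspace monitor
# can accept or drop it before the connection is established.
# Assumes iptables with the owner and conntrack matches and the NFQUEUE
# target. Chain, function and variable names are hypothetical.

IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1: print the commands; 0: execute them (needs root)
CHAIN="APPMON"            # hypothetical chain name

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rules for one uid. Only packets that start a new conntrack entry are
# queued, so a flow the monitor has already accepted is not queued again
# for every later packet. No --queue-bypass is given on purpose: if no
# program is bound to the queue the kernel drops the packet, so the policy
# fails closed instead of letting traffic through unobserved.
install_monitor_rules() {
    uid="$1"; queue="$2"
    run "$IPTABLES" -N "$CHAIN"
    run "$IPTABLES" -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run "$IPTABLES" -A "$CHAIN" -m conntrack --ctstate NEW -j NFQUEUE --queue-num "$queue"
    # The owner match is only valid in OUTPUT (and POSTROUTING): it keys on
    # the uid of the socket that generated the packet.
    run "$IPTABLES" -A OUTPUT -m owner --uid-owner "$uid" -j "$CHAIN"
}

# Undo the above in reverse order.
remove_monitor_rules() {
    uid="$1"
    run "$IPTABLES" -D OUTPUT -m owner --uid-owner "$uid" -j "$CHAIN"
    run "$IPTABLES" -F "$CHAIN"
    run "$IPTABLES" -X "$CHAIN"
}

# Self-check helper: how many generated rules send traffic to the queue.
count_queue_rules() {
    ( DRY_RUN=1; install_monitor_rules "$1" "$2" ) | grep -c -- '-j NFQUEUE'
}

# Usage (as root, applying for real):
#   DRY_RUN=0 sh -c '. ./appmon.sh; install_monitor_rules 1000 0'
```

The userspace side, not shown here, binds queue 0 with libnetfilter_queue and answers each queued packet with a verdict via nfq_set_verdict(); because the queued packet is the one that starts the flow, a drop verdict prevents the connection rather than cutting it after the fact, which is the ordering problem the original poster hit with a monitor-then-add-rules design.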