RE: netfilter query

brctl:

see http://sourceforge.net/project/showfiles.php?group_id=26089 . You
extract the source and build it on your system.

Required Bridging /Netfilter options:

CONFIG_BRIDGE set by menuconfig->Networking Options->802.1d Ethernet
Bridging. CONFIG_NETFILTER set by menuconfig->Networking Options->Network
Packet Filtering. I believe that both are on by default in RH.

With your Netfilter hook (which is part of a loadable kernel module you
would need to write), you can use printk's to debug a parser completely
within kernel space. By parser, I mean code which allows you to traverse the
packet from the MAC header up to, say, the HTTP header to extract meaningful
information from each packet. Otherwise, you need to queue the packets using
the Netfilter nf_queue function, manage this queue yourself and then pass
packets up to user space. One way to pass them to user space is to have a
user function repeatedly call your kernel module (now a driver), and then
the frame is copied into a user space buffer. You could then parse the frame
in user space for the small price of a memory copy. When your user space
code checks to see if the next packet is available, it re-injects the
previous packet using the Netfilter nf_reinject call. You could also drop
the packet if it fails to pass some criteria.

Understand the necessary netfilter functions you will use:
		nf_register_hook()
		nf_register_queue_handler()
		nf_reinject()
		nf_unregister_hook()
		nf_unregister_queue_handler()
Understand:
		NF_ACCEPT, NF_QUEUE, NF_DROP,
		NF_BR_PRE_ROUTING and other hook points.

Stuart
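
The frame walker Stuart describes (MAC header up to the HTTP request line,
with a verdict at the end), written as an added example that is not code
from this thread or from the netfilter project. It is a user-space model of
what the hook function registered with nf_register_hook() at
NF_BR_PRE_ROUTING would run over the skb data; VERDICT_DROP / VERDICT_ACCEPT
are local stand-ins for NF_DROP / NF_ACCEPT, the test frame is constructed
in build_http_frame(), and the "drop on ../" rule is only an illustrative
policy. It also carries Henrik's caveat below: every layer verifies the
EtherType, version and length fields against the bytes actually present
before reading further, so a short or lying header ends the walk instead of
running past the buffer.

```c
/*
 * Added example (not from the thread): user-space model of the frame walker
 * a bridge hook would run on each skb.  Starts at the MAC header, as a bridge
 * hook does, and stops whenever header lengths disagree with the bytes held.
 * VERDICT_* are local stand-ins for NF_DROP / NF_ACCEPT (assumption).
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define VERDICT_DROP   0
#define VERDICT_ACCEPT 1

struct parsed {
    uint16_t ethertype;
    uint8_t  ip_proto;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    char     method[8];   /* HTTP method, empty if payload is not a request line */
    char     uri[64];     /* request-target, truncated to fit */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk Ethernet -> IPv4 -> TCP -> HTTP.  Each step checks that the header it
 * is about to read lies inside [f, f+len) before touching it. */
int parse_frame(const uint8_t *f, size_t len, struct parsed *out)
{
    memset(out, 0, sizeof *out);
    if (len < 14) return VERDICT_DROP;                    /* runt: no Ethernet header */
    size_t off = 14;
    out->ethertype = rd16(f + 12);
    if (out->ethertype == 0x8100) {                       /* 802.1Q tagged frame */
        if (len < 18) return VERDICT_DROP;
        out->ethertype = rd16(f + 16);
        off = 18;
    }
    if (out->ethertype != 0x0800) return VERDICT_ACCEPT;  /* not IPv4: nothing to inspect */

    if (len < off + 20) return VERDICT_DROP;
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t tot = rd16(ip + 2);
    /* version nibble, IHL and total length must agree with the bytes we hold */
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || off + tot > len) return VERDICT_DROP;
    out->ip_proto = ip[9];
    out->src_ip = rd32(ip + 12);
    out->dst_ip = rd32(ip + 16);
    if (out->ip_proto != 6) return VERDICT_ACCEPT;

    const uint8_t *tcp = ip + ihl;
    size_t l4len = tot - ihl;
    if (l4len < 20) return VERDICT_DROP;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > l4len) return VERDICT_DROP;   /* data offset past segment end */
    out->src_port = rd16(tcp);
    out->dst_port = rd16(tcp + 2);

    const uint8_t *pl = tcp + doff;
    size_t pllen = l4len - doff, i = 0, j = 0;
    if (pllen == 0) return VERDICT_ACCEPT;

    /* Request line is "METHOD SP target SP HTTP/x.y CRLF"; copy bounded tokens */
    while (i < pllen && pl[i] != ' ' && j < sizeof out->method - 1)
        out->method[j++] = (char)pl[i++];
    if (i >= pllen || pl[i] != ' ') {                     /* not an HTTP request line */
        out->method[0] = '\0';
        return VERDICT_ACCEPT;
    }
    for (i++, j = 0; i < pllen && pl[i] != ' ' && pl[i] != '\r' && j < sizeof out->uri - 1; i++)
        out->uri[j++] = (char)pl[i];
    /* illustrative policy only: drop path-traversal attempts */
    return strstr(out->uri, "../") ? VERDICT_DROP : VERDICT_ACCEPT;
}

/* Constructed test frame: Ethernet + IPv4 (no options) + TCP (no options) + req.
 * Checksums are left zero; the parser does not verify them. */
size_t build_http_frame(uint8_t *buf, size_t cap, const char *req)
{
    size_t pl = strlen(req), tot = 40 + pl;
    if (tot > 0xffff || cap < 14 + tot) return 0;
    memset(buf, 0, 14 + tot);
    memset(buf, 0xff, 6);                 /* dst MAC */
    buf[6] = 0x02; buf[11] = 0x01;        /* src MAC 02:00:00:00:00:01 */
    buf[12] = 0x08; buf[13] = 0x00;       /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; ip[2] = (uint8_t)(tot >> 8); ip[3] = (uint8_t)tot;
    ip[8] = 64; ip[9] = 6;                /* TTL, protocol TCP */
    ip[12] = 10; ip[15] = 1;              /* 10.0.0.1 */
    ip[16] = 10; ip[19] = 2;              /* 10.0.0.2 */
    uint8_t *tcp = ip + 20;
    tcp[0] = 0x9c; tcp[1] = 0x40;         /* sport 40000 */
    tcp[3] = 0x50;                        /* dport 80 */
    tcp[12] = 0x50; tcp[13] = 0x18;       /* data offset 5, PSH|ACK */
    memcpy(tcp + 20, req, pl);
    return 14 + tot;
}

/* Build a frame for req, then hand the parser only (length - trim) bytes,
 * which models an skb shorter than the IP total length claims. */
int check_request(const char *req, size_t trim, struct parsed *out)
{
    uint8_t buf[512];
    size_t n = build_http_frame(buf, sizeof buf, req);
    if (n == 0 || trim > n) return VERDICT_DROP;
    return parse_frame(buf, n - trim, out);
}
```

In the kernel the same walk runs over skb data inside the hook function, and
the two VERDICT_* values map onto NF_DROP and NF_ACCEPT; the point to carry
over is that the IP total length and TCP data offset are attacker-controlled
and must be checked against the real skb length before being used as offsets.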


-----Original Message-----
From: kernelnewbies-bounce@xxxxxxxxxxxx
[mailto:kernelnewbies-bounce@xxxxxxxxxxxx]On Behalf Of cranium2003
Sent: Monday, November 22, 2004 11:00 PM
To: stuart@xxxxxxxxxxxxx
Cc: Henrik Nordstrom; kernelnewbies@xxxxxxxxxxxx;
netfilter-devel@xxxxxxxxxxxxxxxxxxx; netdev@xxxxxxxxxxx;
linux-kernel@xxxxxxxxxxxxxxx
Subject: RE: netfilter query


hello Stuart,
           Thanks for the reply. Which kernel
parameter
has to be enabled for Bridge? I have RH9 with the
2.4.20-8 kernel installed and I found nearly all
kernel parameters with the word bridging enabled.
Also I tried the brctl command at the console prompt
but no such utility is present in my Linux.
          One more thing: how can I see packets to
parse them?

regards,
cranium.
--- Stuart Macdonald <stuart@xxxxxxxxxxxxx> wrote:

> Just a parallel thought here,
>
> A different approach is to implement the Netfilter
> Bridge hooks and run a
> box as a bridge. This requires a kernel parameter
> for Bridge to be enabled
> when the kernel is built and then the brctl utility
> to setup the bridge. In
> this manner, your bridge netfilter hooks always
> receive packets starting at
> the MAC headers. You can parse from there to derive
> subsequent protocols:
> IP, IPX, LLC, SNAP, NETBEUI...
>
> Stuart
>
>
>
> -----Original Message-----
> From: kernelnewbies-bounce@xxxxxxxxxxxx
> [mailto:kernelnewbies-bounce@xxxxxxxxxxxx]On Behalf
> Of Henrik Nordstrom
> Sent: Monday, November 22, 2004 5:03 AM
> To: cranium2003
> Cc: kernelnewbies@xxxxxxxxxxxx; netdev@xxxxxxxxxxx;
> netfilter-devel@xxxxxxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: netfilter query
>
>
> On Sun, 21 Nov 2004, cranium2003 wrote:
>
> > Also,which headers are added when packet
> > reaches to netfilter hook NF_IP_LOCAL_OUT? I found
> > TCP/UDP/ICMP ,IP. Is that correct?
>
> Yes.
>
> netfilter is running at the IP layer and only
> reliably has access to IP
> headers and up. Lower level headers such as Ethernet
> MAC header is
> transport dependent and not always available, and
> certainly not available
> in NF_IP_LOCAL_OUT as it is not yet known the packet
> will be sent to an
> Ethernet.
>
> In some netfilter hooks it is possible to rewind
> back to the Ethernet MAC
> header but one must be careful to verify that it
> really is an Ethernet
> packet one is looking at when doing this.
> Unfortunately there is no
> perfect solution for how to detect this. For an example
> of how one may try to
> look at the Ethernet MAC header see ipt_mac.c. But
> be warned that it is
> possible for non-Ethernet frames to pass the simple
> checks done there..
>
> Regards
> Henrik
>
> --
> Kernelnewbies: Help each other learn about the Linux
> kernel.
> Archive:
> http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
>
>
>