LinuxQuestions.org
Old 04-13-2003, 09:59 AM   #1
jb_li
LQ Newbie
 
Registered: Apr 2003
Posts: 17

Rep: Reputation: 0
dropping packets ?


Hi Community,

Following situation:
there is a gateway between my LAN and the Internet, and now the programming part starts. :-)
I want to write a packet sniffer sitting on my gateway (shouldn't be the problem). The sniffer should have the opportunity to filter out disliked packets compared with a small rulebase. Wrong dest-address or whatever ...
Does anyone of you know a way to drop these packets out of a given stream, so they don't reach their actual destinations?
I have read about BPF and the iptables headers, but I haven't found useful documents :-(

edit: I forgot to say ... the program should run in userspace. // preferred language is C

Thanks in advance,
h.d.

Last edited by jb_li; 04-13-2003 at 10:02 AM.
 
Old 04-13-2003, 03:04 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,966
Blog Entries: 11

Rep: Reputation: 865
Why re-invent the wheel?
IPTables does a pretty good job,
all you need is to make a set of rules?

And if you really want to program your own
filter, don't start out trying to understand
IPTables, rather grab a TCP/IP programming
primer ;) and start from scratch.

Just my 2 cents.


Cheers,
Tink
 
Old 04-13-2003, 04:13 PM   #3
jb_li
LQ Newbie
 
Registered: Apr 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Actually my program should be a content filter for HTTP ... I don't think it is possible to set such rules with iptables.
I just want to run the sniffer, filtering the payload. This filter decides whether there should be a full connection to the target host or not.
Maybe I can use iptables for dropping packets during the runtime?!
If I would use just iptables doing this job, there is no dynamic effect. I don't have a real rulebase.
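
The per-packet decision described in post #3, written out in C as an added example; it is not code from any poster in this thread. The rule strings and the names `http_verdict` and `verdict_for` are assumptions, and how the gateway hands packets to the program and enforces the verdict is left outside it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { VERDICT_ACCEPT, VERDICT_DROP };
/* Hypothetical rulebase: byte strings that must not appear in a request. */
static const char *const rules[] = { "GET /forbidden", "Host: blocked.example" };

/* Bounded search: the payload is raw bytes, not a NUL-terminated string. */
static int contains(const uint8_t *hay, size_t hlen, const char *needle) {
    size_t nlen = strlen(needle);
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Verdict for one raw IPv4 packet; malformed or non-TCP/80 packets are accepted (assumed policy). */
enum verdict http_verdict(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return VERDICT_ACCEPT;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;         /* IP header length  */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];    /* IP total length   */
    if (ihl < 20 || total > len || total < ihl + 20 || pkt[9] != 6)
        return VERDICT_ACCEPT;                        /* bad lengths or not TCP */
    const uint8_t *tcp = pkt + ihl;
    unsigned dport = ((unsigned)tcp[2] << 8) | tcp[3];
    size_t doff = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length */
    if (dport != 80 || doff < 20 || ihl + doff > total) return VERDICT_ACCEPT;
    for (size_t r = 0; r < sizeof rules / sizeof rules[0]; r++)
        if (contains(tcp + doff, total - ihl - doff, rules[r]))
            return VERDICT_DROP;
    return VERDICT_ACCEPT;
}

/* Constructed sample input: wrap a request in a minimal IPv4+TCP packet and judge it. */
enum verdict verdict_for(unsigned dport, const char *http) {
    uint8_t buf[512] = {0};
    size_t total = 40 + strlen(http);
    if (total > sizeof buf) return VERDICT_ACCEPT;
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = 6; buf[32] = 0x50;                       /* TCP, data offset 5 words */
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    memcpy(buf + 40, http, strlen(http));
    return http_verdict(buf, total);
}

int main(void) {
    puts(verdict_for(80, "GET /forbidden HTTP/1.0\r\n\r\n") == VERDICT_DROP ? "DROP" : "ACCEPT");
    return 0;
}
```

Matching each packet on its own misses a string split across two TCP segments, which is one reason the proxies suggested in the thread filter the whole request instead.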
 
Old 04-13-2003, 04:28 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,966
Blog Entries: 11

Rep: Reputation: 865
Quote:
content-filter for http
Now that sounds like a job for squid &
squid-guard or DansGuardian :}

Cheers,
Tink
 
Old 04-13-2003, 04:34 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,014
Blog Entries: 54

Rep: Reputation: 2764
Maybe you should give an example of the payload (or classification) you want to filter for before I offer Snort as another alternative.
 
Old 04-13-2003, 05:37 PM   #6
jb_li
LQ Newbie
 
Registered: Apr 2003
Posts: 17

Original Poster
Rep: Reputation: 0
How does Squid or Snort drop these packets ...?
Actually I want to write my own filter... :-)
 
Old 04-13-2003, 06:53 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,966
Blog Entries: 11

Rep: Reputation: 865
Squid(guard) stops the http traffic from
reaching the machine that requested the
unwanted contents ... it doesn't "physically"
drop the packet.

As for writing your own filter: go for it ;)

Cheers,
Tink

P.S.: Here are a few links Google spat out ...

http://www.scit.wlv.ac.uk/~jphb/comms/sockets.html
http://www.linuxjournal.com/article.php?sid=2333
http://www.developerweb.net/sock-faq/

Last edited by Tinkster; 04-13-2003 at 07:18 PM.
 
Old 04-14-2003, 11:18 AM   #8
jb_li
LQ Newbie
 
Registered: Apr 2003
Posts: 17

Original Poster
Rep: Reputation: 0
Thank you .. I will try it tonight
 
  


All times are GMT -5. The time now is 11:20 PM.
