>To do it in user space, you have to use the raw socket interface. This
>by-passes the entire TCP/IP stack. I want to sniff the packets, and make a
>decision based on certain characteristics of each packet. So I need to
>have a filter between the IP and link-layer. Also, I do not want the
>filter to slow down traffic. Hence I believe implementing inside kernel
>will be more efficient.
I've looked at an implementation of something similar. The approach was as
follows:
* insert a "hook" into the netif_rx that would act as a filter
* use a module that:
* activates hook
* apply filtering
* sends back packets to netif_rx for normal processing
* when module is unloaded, deactivate the "hook"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/