Re: capturing all packets on network from the kernel

Damir Cosic (damir@fatpipeinc.com)
Mon, 24 Jan 2000 12:50:43 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Re: [NFS] New version of Linux NFSv3 client is out..."
Previous message: Brian Hurt: "Re: Linux scheduler, overscheduling performance, threads"

Aamir Shaikh wrote:
>
> Hi,
> I'm involved in a project that includes instrumenting the kernel and
> capturing all packets on the network for some traffic analysis studies.
> Whenever a packet is received or transmitted, the instrumentation should
> be printed out. My problem is to figure out where to put this
> instrumentation (in which file or function) in order to capture all
> packets (transmitted and received). I know tcpdump also does a similar
> thing, but I want this through the kernel. Any hints would be greatly
> appreciated.

I think that good place to do that would be firewall chains.
You should write a kernel module witch installs firewall
hooks and count packets there.

Hope this helps.

Damir Cosic

fw_* are pointers to functions where you do your job.

static struct firewall_ops my_ops = {
NULL,
fw_forward,
fw_input,
fw_output,
PF_INET,
1
};

int init_module(void)
{
if(register_firewall(PF_INET, &my_ops) < 0) {
printk("<1>register_firewall failed\n");
return -1;
}
return 0;
}

void cleanup_module(void)
{
unregister_firewall(PF_INET, &my_ops);
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [NFS] New version of Linux NFSv3 client is out..."
Previous message: Brian Hurt: "Re: Linux scheduler, overscheduling performance, threads"