[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    stream-like interface by netfilter?
From:       Haibin Wang <haibin123us () gmail ! com>
Date:       2009-03-31 22:03:07
Message-ID: 741894ea0903311503j1ac8aebbt3b2767d6e18173eb () mail ! gmail ! com
[Download RAW message or body]

Hi Netfilter folks,

Some questions on netfilter interface in kernel space.

First, Does netfilter provide a stream-like interface in kernel space,
in addition to packets?
Second, if not, is there a way that netfilter provides packets of a
TCP connection in right order ( maybe also duplications free)?
Third, if so, what would be the best place to put in TCP reassembly
code to collect packets and present a stream-like interface? I used
NAT helper and CONNTRACK helper before, but not sure that is the right
place to fulfill such a function.

Essentially we are doing a project that requires inspecting contents
of TCP connections, our current approach requires patch to kernel
TCP/IP stack, which isn't that convenient to end users. So we want to
explore the idea whether we could do it using Netfilter. But so far I
haven't found such an interface from Netfilter documentation.

I did read another open source project Layer 7 Netfilter,
http://l7-filter.sourceforge.net/


, but since it also applies patch to the kernel, it isn't exactly what
we want, though a good place to start with.

Thanks for your attention.

Haibin
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]