We are using `dev_add_pack` with `ETH_P_ALL` to get copies of the `sk_buff` of all Ethernet frames received by eth1. Is there a way we can prevent eth1 from forwarding all the Ethernet frames up to the TCP/IP layer while still letting it capture all the frames and pass them on to our loadable kernel module?
Just found out that netem can be used to cause 100% packet loss like so: `sudo tc qdisc add dev eth4 root netem loss 100%` – lithiumhead Apr 10 '13 at 11:59
1 Answer
Your best bet is to create a netfilter hook. Rather than `dev_add_pack`, which gets a copy of the `sk_buff` (thereby allowing the original `sk_buff` to propagate up to the TCP/IP stack), a netfilter hook will give you the pointer to the original `sk_buff` as it traverses the stack, and your code actually executes as a callback from the stack itself - so you can choose to block the packet, claim ownership in your module, or do pretty much anything on your mind.

Technologeeks
[The Netfilter Architecture of Linux 2.4](http://www.6test.edu.cn/~lujx/linux_networking/0131777203_ch19lev1sec3.html) This is useful! – lithiumhead Apr 05 '13 at 11:42
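
A sketch of the netfilter-hook approach described in the answer, added here as an illustration and not code from the original posts. It assumes a recent kernel (hook functions taking `struct nf_hook_state`, registration via `nf_register_net_hook`; older kernels use a different signature), and the names `capture_verdict`, `capture_hook` and `capture_ops` are hypothetical. An `NFPROTO_IPV4` hook sees only IPv4 packets, so IPv6 and ARP traffic would need their own hooks.

```c
#ifdef __KERNEL__
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/string.h>
#else   /* userspace build: only the verdict logic below is compiled */
#include <string.h>
#define NF_DROP   0     /* same values as the kernel's linux/netfilter.h */
#define NF_ACCEPT 1
#endif

#define CAPTURE_IFNAME "eth1"   /* interface named in the question */

/* Verdict for a packet that arrived on in_name: consume it if it came in
 * on the capture interface, let everything else continue up the stack. */
static unsigned int capture_verdict(const char *in_name)
{
    if (in_name && strcmp(in_name, CAPTURE_IFNAME) == 0)
        return NF_DROP;         /* stack frees the skb, TCP/IP never sees it */
    return NF_ACCEPT;
}

#ifdef __KERNEL__
/* Runs as a callback from the stack with the original skb, not a copy. */
static unsigned int capture_hook(void *priv, struct sk_buff *skb,
                                 const struct nf_hook_state *state)
{
    /* Inspect or copy skb here. To keep the buffer itself, return
     * NF_STOLEN instead and kfree_skb() it when the module is done. */
    return capture_verdict(state->in ? state->in->name : NULL);
}

static struct nf_hook_ops capture_ops = {
    .hook     = capture_hook,
    .pf       = NFPROTO_IPV4,           /* IPv4 only (assumption, see lead-in) */
    .hooknum  = NF_INET_PRE_ROUTING,    /* earliest IPv4 hook point */
    .priority = NF_IP_PRI_FIRST,        /* run before other hooks */
};
static int __init capture_init(void)
{
    return nf_register_net_hook(&init_net, &capture_ops);
}
static void __exit capture_exit(void)
{
    nf_unregister_net_hook(&init_net, &capture_ops);
}
module_init(capture_init);
module_exit(capture_exit);
MODULE_LICENSE("GPL");
#endif
```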