
The project I am working on has the requirement of dropping captured packets. I am successfully capturing packets with the use of libpcap like so:

pcap_loop(handle, num_packets, got_packet, NULL);

Where in the callback function I capture the given number of packets in the num_packets argument. My requirement is to drop the captured packets.

I tried checking for help and ended up empty handed. Any reference of code snippets to perform this requirement of dropping captured packets via libpcap is much appreciated. :)


EDIT Alternative suggestions are welcome if this is not possible via libpcap.

NOTE that before dropping the packet I need to obtain the destination/source IP address and payload of the packet to be dropped.

Trevor Hickey
Hasitha Shan

1 Answer


I don't know if there's a library. Libpcap is for network packet capture only, AFAIK.

From my limited knowledge, I would say dropping a packet is just ignoring or not forwarding it. However, this is not done in some program, but in the kernel's network stack.

You can accomplish this by defining appropriate rules in netfilter. There, you will also find libnftnl, which allows you to communicate with the Linux netfilter subsystem. But as I read it, you can only define rules and not drop individual packets.

Olaf Dietsche
  • Thank you sir for your response. I will check on what you have told :) – Hasitha Shan Mar 29 '14 at 12:43
  • "Libpcap is for network packet capture only, AFAIK." You are 100% correct. "I would say dropping a packet is just ignoring or not forwarding it. However this is not done in some program, but the kernel's network stack." Yes. The way to do that depends on the OS; the question is tagged with "linux", so they're presumably running Linux. I think there are ways of tapping into the stack so that user-mode code can decide what packets to drop or not (rather than having to supply rules to the kernel). –  Mar 29 '14 at 18:48
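The inspection step the question asks for (source/destination IP address and payload, obtained before a drop decision) can be done on the bytes a libpcap callback receives; the drop itself still has to be enforced by netfilter, as the answer says. This is an added example, not code from the question or the answer. It assumes an Ethernet link type and IPv4 with TCP or UDP, and the names `pkt_info`, `parse_frame`, `should_drop` and `sample_frame` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct pkt_info {
    uint8_t src[4], dst[4], proto;  /* IPv4 addresses (network order); 6 = TCP, 17 = UDP */
    const uint8_t *payload;         /* points into the caller's frame buffer */
    size_t payload_len;
};

/* Parse Ethernet II + IPv4 + TCP/UDP from the bytes a pcap callback receives.
 * Returns 0 on success, -1 if truncated, malformed, fragmented or unsupported. */
int parse_frame(const uint8_t *f, size_t caplen, struct pkt_info *out) {
    if (caplen < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || 14 + tot > caplen) return -1;
    if ((ip[6] & 0x3f) || ip[7]) return -1;      /* MF flag or fragment offset set */
    const uint8_t *l4 = ip + ihl;
    size_t l4len = tot - ihl, l4min = (ip[9] == 6) ? 20 : 8, l4hdr = l4min;
    if ((ip[9] != 6 && ip[9] != 17) || l4len < l4min) return -1;
    if (ip[9] == 6) l4hdr = (size_t)(l4[12] >> 4) * 4;   /* TCP data offset */
    if (l4hdr < l4min || l4len < l4hdr) return -1;
    memcpy(out->src, ip + 12, 4);
    memcpy(out->dst, ip + 16, 4);
    out->proto = ip[9];
    out->payload = l4 + l4hdr;
    out->payload_len = l4len - l4hdr;
    return 0;
}

/* Verdict only; enforcing it is netfilter's job, libpcap cannot drop. */
int should_drop(const struct pkt_info *p, const uint8_t blocked[4]) {
    return !memcmp(p->src, blocked, 4) || !memcmp(p->dst, blocked, 4);
}

/* Constructed sample: UDP 192.0.2.10 -> 198.51.100.20, payload "hello", checksums zeroed. */
const uint8_t sample_frame[47] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,33, 0,0,0,0, 64,17,0,0, 192,0,2,10, 198,51,100,20,
    0x30,0x39,0,53, 0,13,0,0, 'h','e','l','l','o'
};

int main(void) {
    struct pkt_info p;
    int rc = parse_frame(sample_frame, sizeof sample_frame, &p);
    if (rc == 0) printf("%zu payload bytes, drop=%d\n", p.payload_len, should_drop(&p, p.dst));
    return rc;
}
```

Inside the `pcap_loop` callback, the frame pointer and the header's `caplen` are the two arguments to pass to `parse_frame`.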