I'm building a simple Linux firewall, implemented as a kernel module using netfilter. I want it to be able to do Deep Packet Inspection, and for that I need to be able to read the content of the packet. How would I go about doing that?

W. Smith
  • I have borrowed @sam-protsenko's answer from [this](http://stackoverflow.com/questions/29553990/print-tcp-packet-data) to answer your question. Thank you sam, you smashed that one. – sjsam Nov 29 '15 at 10:41

1 Answer

From the netfilter website.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

Step 1:

Write a module for deep packet inspection. The Linux TCP API will help you do so. See the accepted answer to this SO question, which will help you get started. In that, you might wish to remove:

    /* Show only HTTP packets */
    if (user_data[0] != 'H' || user_data[1] != 'T' || user_data[2] != 'T' ||
            user_data[3] != 'P') {
        return NF_ACCEPT;
    }

just in case you wish to deal with all the packets.

Step 2:

Implement a hook for the above module in the kernel using netfilter.

sjsam
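The bounds checks that a payload test like the `user_data[0..3]` comparison above depends on, as an added userspace example that is not code from the answer or the linked post. `tcp_payload`, `payload_starts_with` and `sample_pkt` are hypothetical names, and the buffer is assumed to start at the IPv4 header, as a linearized skb's network header would inside a netfilter hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Locate the TCP payload in a raw IPv4 packet. Returns NULL when the packet
 * is not IPv4/TCP, is a non-first fragment, or a header length field points
 * outside the buffer. On success *plen holds the payload length (may be 0). */
static const uint8_t *tcp_payload(const uint8_t *pkt, size_t len, size_t *plen)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* IP header length  */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];   /* IP total length   */
    if (ihl < 20 || tot < ihl + 20 || tot > len || pkt[9] != 6 /* TCP */)
        return NULL;
    /* Non-first fragments carry no TCP header: fragment offset must be 0. */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return NULL;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4; /* TCP header length */
    if (doff < 20 || doff > tot - ihl)
        return NULL;
    *plen = tot - ihl - doff;
    return pkt + ihl + doff;
}

/* Length-checked prefix match, so short payloads are never over-read. */
static int payload_starts_with(const uint8_t *p, size_t plen, const char *s)
{
    size_t n = strlen(s);
    return p != NULL && plen >= n && memcmp(p, s, n) == 0;
}

/* Constructed sample: 20-byte IPv4 header, 20-byte TCP header, "HTTP/1.1". */
static const uint8_t sample_pkt[48] = {
    0x45, 0, 0, 48, 0, 1, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    0x00, 0x50, 0xc0, 0x00, 0, 0, 0, 1, 0, 0, 0, 1, 0x50, 0x18, 0xff, 0xff,
    0, 0, 0, 0,
    'H', 'T', 'T', 'P', '/', '1', '.', '1'
};

int main(void)
{
    size_t plen = 0;
    const uint8_t *p = tcp_payload(sample_pkt, sizeof(sample_pkt), &plen);
    printf("payload_len=%zu http=%d\n", plen, payload_starts_with(p, plen, "HTTP"));
    return 0;
}
```

In a hook, a NULL result or a failed prefix match is the point at which the module decides its verdict; empty payloads (pure ACKs, SYNs) return a valid pointer with `*plen == 0`.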