Aamir Shaikh wrote:
>
> Hi,
> I'm involved in a project that includes instrumenting the kernel and
> capturing all packets on the network for some traffic analysis studies.
> Whenever a packet is received or transmitted, the instrumentation should
> be printed out. My problem is to figure out where to put this
> instrumentation (in which file or function) in order to capture all
> packets (transmitted and received). I know tcpdump also does a similar
> thing, but I want this through the kernel. Any hints would be greatly
> appreciated.
I think that good place to do that would be firewall chains.
You should write a kernel module witch installs firewall
hooks and count packets there.
Hope this helps.
Damir Cosic
fw_* are pointers to functions where you do your job.
static struct firewall_ops my_ops = {
NULL,
fw_forward,
fw_input,
fw_output,
PF_INET,
1
};
int init_module(void)
{
if(register_firewall(PF_INET, &my_ops) < 0) {
printk("<1>register_firewall failed\n");
return -1;
}
return 0;
}
void cleanup_module(void)
{
unregister_firewall(PF_INET, &my_ops);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:13 EST