Does the current kernel (2.2.x) have any provisions for logging
or capturing the ENTIRE IP packet which matches a particular
ipchains rule?
What I'd like to do is capture every packet that matches certain
rules, and have some way of identifying each raw packet with the
log entry in syslog to which it was captured.
In other words, the rules I have may block say a UDP datagram
sent to port 53, and log this (ipchains --log) to syslog. This
tells me some info about the packet, however the actual packet
itself is gone. I'd like something like this:
The syslog entry is flagged with a unique identifier of some
kind, perhaps the "fwmark", and the actual packet is logged to
some sort of file or database and identified by the "fwmark" that
caught it.
Is this possible? Or must I use some other mechanism? Would I
need to patch the kernel to implement this, or does the kernel
include a mechanism (which I think it does) to do this allready?
Instead of the packets getting logged by the kernel somewhere, it
would be acceptable for them to be passed to a user level daemon
for processing and logging if necessary.
Thank you for your time!
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocateJoin the FreeMWare project - the goal to produce a FREE program in which you can run Windows 95/98/NT, and other operating systems.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:15 EST