Dear Experts,
In the Linux networking stack, we know that when a packet "enters" the network interface card (NIC), the packet will be parsed and eventually reach a function called "netif_rx()". From there, the packet will keep "traversing" to the upper protocol levels, and different processing will be carried out on the packet by the kernel depending on its protocol type before it is sent out the reverse way (correct me if I am wrong in concept, thanks :) )...
Currently I am doing a project on the Linux networking stack. I was required to "intercept" the packets whenever they are received and reach "netif_rx()", process them, and send them out again. May I know, if I am to do this task at the application level, what should I do? I know socket programming can get the packets for me into the application level, but where does socket programming actually "intercept" the packets from? If not using socket programming, is there any other way that I can "divert" those packets to the application level? I would also like to know how I can send those packets out from the application level, other than by socket programming.
Hope you guys can give me some advice or hint. :)
Thanks a lot :)
Regards,
EJ
1) "before it is being sent out on the reverse way"
Well, actually, packets received are usually not sent out
(except when the host is requested to forward ip traffic,
i.e. is a router or a gateway).
2) There are 2 ways to capture packets from user-land
(application level)
- Linux specific: create a packet socket (see man packet)
then use recvfrom/sendto.
- platform independent: use libpcap (see man pcap on Linux)
tutorial here : http://www.tcpdump.org/pcap.htm
3) Depending on what you want to do, the user-land approach
may not be possible. For example, do you want to implement
your own protocol (using your own protocol-type code) or do
you want to intercept packets for a std protocol (e.g. IP)?
Also, do you want to modify/filter the packets
or just read them? If you want to modify packets, you
need to have a kernel implementation (well, at least
I think so).
4) Anyway, are you sure you can't use an existing mechanism
to solve your problem? What is your problem exactly?
Linux already addresses most of the needs concerning
security, routing, etc...
Stephane