Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: extending netfilter...plz help
Top Forums Programming extending netfilter...plz help Post 99587 by Rakesh Ranjan on Monday 20th of February 2006 01:30:29 AM
Old 02-20-2006
Thanks everyone for viewing and trying to think over it. I got my solution for this strange problem. So that none of u face same problem i'll tell what happened.
I created my kernel module and created a patch (mymodule.patch file) for it. Next I went through the patch-o-matic and learnt how to add ones own new patches to the already existing ones. Now I created all files required to patch makefile, config.in file etc. But to my surprise when I applied this patch last two lines were not included in the C file that resulted from patch. These two lines contained module initialisation and exit code. And so upon calling from user space though the module was loaded but it was loaded as tainted module. Luckily on going through again and again I could find the mistake and then rectified it.
So this way i got rid of problem but still thanks to u all for atleast looking into my problem.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

plz Help How should I configure cc compiler output file plz help???

i.e configuration of C compiler :confused: (4 Replies)
Discussion started by: atiato
4 Replies

2. Programming

Help in extending netfilter

Hi everybody, I have to write a module for matching in netfilter , extending the netfilter but I'm facing some problems can somebody guide me in that. I know that I need to write matching module working in kernel space and a program in userspace. I went through the HOWTO on netfilter-hacking but... (0 Replies)
Discussion started by: Trusted Penguin
0 Replies

3. Programming

Problem in registering new netfilter target module

Friends I'm facing a big problem trying to extend the netfilter. Somone please help me with your quick reply (any hint) as I've to meet a deadline. My problem is that I've written a new netfilter target module and its corresponding userspace program for iptables to change the packet type of a... (0 Replies)
Discussion started by: Rakesh Ranjan
0 Replies

4. IP Networking

netfilter connection tracking

hi, i'm using tcpreplay to send a traffic trace to my wireless interface (the trace is been captured by the same interface). It seems as netfilter can't trace connections. Is it possible? (0 Replies)
Discussion started by: littleboyblu
0 Replies

5. Cybersecurity

Netfilter conntracking for P2P protocols (edonkey, bittorent...)

Hi everyone, I would like to allow multi users to access P2P networks, so I wonder if there's a way to tracking these kind of protocols with netfilter, and also compatibility with nat, like the module conntrack_ftp seems to do with the FTP protocol. Thanks guys. (0 Replies)
Discussion started by: nekkro-kvlt
0 Replies

6. Linux

netfilter / iptables

HI, Is the Netfilter and IPtables same? Thanks & Regards Arun (1 Reply)
Discussion started by: Arun.Kakarla
1 Replies

7. Linux

C, LKM, netfilter, PF_PACKET and ARP.

Hello, Everyone knows that with PF_PACKET sockets one can "sniff" a determinated frame from the network device, but just that, see the frame without altering its action on the receiving host. What i want is to "intercept" the incoming frame and pass it through some rules, and if it doesn't pass... (9 Replies)
Discussion started by: Zykl0n-B
9 Replies

8. Cybersecurity

Experience with libvirt netfilter API

Hi all, I would like to get some ideas and opinions on matter of libvirt netfilter application in KVM environment. I am looking for some easy way to control it with an API and possible experience with that and its performance in real life application. Thanks for all ideas (0 Replies)
Discussion started by: smoofy
0 Replies

9. Cybersecurity

How to use Netfilter properly with IPv6?

Hello, on a PC with Debian 8 I try to use a Bash script with Netfilter rules so that only traffic goes in and out that is wanted. For that I set all 3 default policies to "drop". The machine uses DHCP to get its IP, gateway and DNS. And I never checked so I was quite surprised that my... (1 Reply)
Discussion started by: SInt
1 Replies

LEARN ABOUT DEBIAN

lire::firewall::iptablesdlfconverter

IptablesDlfConverter(3pm)				  LogReport's Lire Documentation				 IptablesDlfConverter(3pm)

NAME

       IptablesDlfConverter - convert netfilter/iptables syslog logs to firewall DLF

DESCRIPTION

       IptablesDlfConverter converts Linux 2.4 iptables packet log into firewall DLF format.

LIMITATIONS

       The netfilter logging modules don't log the status of the packet (drop, accept, reject) like the ipchains logging code. You can specify a
       prefix that will be used in the log. This converter will mark the packet as 'denied' whenever that prefix matches (case insensitive) the
       following regex: 'denied|deny|drop|reject|unallowed', it will mark the packet as 'permitted' whenever that prefix matches (case
       insensitive) the following regex: 'accept|permit', and all other packets will have '-' as the value of the 'action' field.

       So in order for this converter to detect 'denied' packets, you should use a prefix containing one of those substrings.

       For example:

	iptables -N lodrop
	iptables -A logdrop -j LOG --log-prefix "Packet-DENY: "
	iptables -A logdrop -j DROP

       or other similar prefixes: 'denied: ', 'Packet-REJECT: ', ...

       The prefix used will end up in the 'rule' field of the DLF record.

EXAMPLES

       IptablesDlfConvertor will be rarely used on its own, but is more likely called by lr_log2report:

	$ lr_log2report iptables < /var/log/iptables.log > report

SEE ALSO

       The Netfilter webpage at http://netfilter.samba.org/ .

AUTHORS

       Francis J. Lacoste <flacoste@logreport.org>

VERSION

       $Id: IptablesDlfConverter.pm,v 1.12 2006/07/23 13:16:35 vanbaal Exp $

COPYRIGHT

       Copyright (C) 2001, 2002, 2003, 2004 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
       the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1							    2006-07-23						 IptablesDlfConverter(3pm)
All times are GMT -4. The time now is 02:21 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy