1. Home
  2. Embedded Linux
  3. Packets from bottom of TCP/IP stack direct to application bypassing stack

Packets from bottom of TCP/IP stack direct to application bypassing stack

Hello Everyone

I am working on a ADSL modem and have the following situation that I would like to have some advice on.

I need to filter out some packages in the lower level of the network stack. There are 2 types of packages: [eth | ppp | ip | udp] and [eth | ip | udp], the data in these packages are the same and they can be identified with the first 16 bits in the UDP data.

I have manage to catch these packages in the /net/core/dev.c file and function netif_rx(...) with the 16 bit ID so I have the packages.

Now for my question: How do I in an easy way get these packages directly to my application without using the network stack. I need BOTH of these packages to reach there and if I use socket the one with PPP get thrown away somewhere and that is not so good.

I know this is not a very specific question and a little vague but some advice and pointers would be appreciated.

Regards Andreas

Reply to
Andreas
Loading thread data ...

TCPDUMP is a popular network analyzing tool. Tcpdump prints out the headers of packets on a network interface that match the boolean expression. The low level packet data capturing on this software is done on LIBPCAP library that is a cross-platform library for packet capture at low network level. For more details take a look at

formatting link 

--
Tomi Engdahl (http://www.iki.fi/then/)
Take a look at my electronics web links and documents at 
http://www.epanorama.net/
Reply to
Tomi Holger Engdahl

Another option is to use the netfilter part of the kernel and create your own filter modules. This is probably a little more work than using tcpdump, but it can give you better control over the packets as you receive them, inspect them and then choose to either filter them or pass them on. Take a look at

formatting link

Reply to
Chuck Gales

Thanks for your input Chuck and Tomi.

I have looked at libpcap and installed in on my Red Hat and tested some sample application and it works very well.

However, my application runs on and embedded system and there isnt much memory left for me to add another lib. libpcap is close to 200k and the is quite alot when I have 1 MB flash. I havent looked at the source code either of the pcap but since it is a lib and not part of the kernel I feel the it might be an overkill. Once I look at the source it might just turn out to use a RAW ethernet socket and filter the traffic through the lib functions. That I can no by myself , just open a: sk = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL)); and I get it all and I can just throw away what I dont need and save the space of the pcap lib.

So I am kind of back to my basic question: How do I in and easy way get a structure/data from the bottom of the network stack to a application and bypass the huge stack.

Regards Andreas

Reply to
Andreas

Andreas, The netfilter part of the kernel is designed to do exactly what you want. All you need to do is to code a kernel module as a character device which hooks into the netfilter part of the kernel. You can then open() your character device and read() out the packets which meet your requirements. You can code into your module any specific filter requirements you want, or you can add in an ioctl() function to allow dynamic filter addition/deletion. Since the netfilter functions are part of the kernel already, the inclusion of them will not add significantly to your image size. Additionally, the kernel module you would write to make the packets available to your application would be very small. There is a specific section on the netfilter site on how to code modules to use it.

formatting link

Also, read the Linux Device Drivers book on how to code character devices to give you information on how your application can access the packets.

formatting link

Good luck

Reply to
Chuck Gales

that I

network

[eth

can be

file and

packages.

directly

of these

thrown

but some

the

is done

capture at

formatting link

create your

pass

Reply to
Srinivas G

with

Hi,

I also got the same problem. I developed a netfilter sample module code. It was working fine whenever a packet pass through my network path. But my question is: How to pass the packet to user application?

I will wait for your reply.

Please give me your rpely to snipped-for-privacy@esntechnologies.co.in Thanks and regards, Srinivas G

Reply to
Srinivas G

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.