
for a project we want to modify all data that is moving across the network stack. This should ideally be protocol independent and should blend seamlessly into the "normal" networking stack.

Basically every bit of data has to be routed over our device first, before passing it on to the rest of the network stack. In this picture the device should be somewhere in/between the second and third layer.

My first idea was to modify the code in socket.c (this image shows the usual kernel flow for network data) to write the data to our device first before proceeding with the normal operation, but it would be better to have this functionality loadable (with a kernel module, for example) so the user can turn it off if he wants to.

So my question is: is there any way I can write a kernel module to insert into the network stack to get and modify incoming and outgoing data?

Thanks a lot in advance!

1 Answer

Have you looked into Netfilter? You can write a loadable kernel module with netfilter hooks.

A resource.


2 Comments

Sounds great! I'm not quite clear on one thing: can I filter outgoing packets with this? Every source I find seems to focus on firewall applications and incoming packets.
Use the NF_INET_LOCAL_OUT hook. Quoting from the above article I linked to: "There is one hook left, NF_INET_LOCAL_OUT . It’s called for local outgoing packets. Routing code is called before this hook to figure out the IP address and after this hook to decide the route. Kernel modules can register to any of the 5 hooks."
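The module the answer and comments describe, as an added example that is not code from the original question, answer, or linked article: it registers the same hook function at NF_INET_PRE_ROUTING (every incoming IPv4 packet) and NF_INET_LOCAL_OUT (every locally generated outgoing packet), parses the IPv4 header and passes well-formed packets on to the rest of the stack with NF_ACCEPT. The only packets it drops are ones whose header is truncated or malformed, which is the check a hook that intends to read or rewrite header fields needs before touching them. The names `tap_hook`, `tap_ops`, `inspect_ipv4` and the sample packets are this example's own; the parser is plain C so it can be built and tested in user space, and the kernel glue is compiled only when `__KERNEL__` is defined (i.e. when built as a module with Kbuild).

```c
/* Example netfilter tap: inspect every incoming and locally generated
 * outgoing IPv4 packet. The kernel section compiles only under Kbuild
 * (__KERNEL__); the header parser is testable in user space. */
#ifdef __KERNEL__
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/skbuff.h>
#include <net/net_namespace.h>
#else
#include <stddef.h>
#include <stdio.h>
#endif

#ifndef NF_ACCEPT
#define NF_DROP   0   /* same values as linux/netfilter.h */
#define NF_ACCEPT 1
#endif

struct ipv4_summary {
    unsigned int ihl_bytes;  /* header length in bytes, 20..60 */
    unsigned int total_len;  /* Total Length field */
    unsigned int protocol;   /* 1 ICMP, 6 TCP, 17 UDP, ... */
};

/* Inspect the first `len` bytes of an IPv4 packet without reading past them.
 * Returns NF_ACCEPT for a well-formed header and NF_DROP otherwise. */
static unsigned int inspect_ipv4(const unsigned char *buf, size_t len,
                                 struct ipv4_summary *out)
{
    unsigned int ihl, total;

    if (len < 20 || (buf[0] >> 4) != 4)   /* too short, or not IPv4 */
        return NF_DROP;
    ihl = (buf[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl > len)            /* bad IHL or truncated options */
        return NF_DROP;
    total = ((unsigned int)buf[2] << 8) | buf[3];
    if (total < ihl)                      /* Total Length below header size */
        return NF_DROP;
    if (out) {
        out->ihl_bytes = ihl;
        out->total_len = total;
        out->protocol  = buf[9];
    }
    return NF_ACCEPT;
}

#ifdef __KERNEL__
static unsigned int tap_hook(void *priv, struct sk_buff *skb,
                             const struct nf_hook_state *state)
{
    struct ipv4_summary s;

    /* At PRE_ROUTING and LOCAL_OUT skb->data is the IP header; only the
     * linear part (skb_headlen) may be read without skb_linearize(). */
    if (inspect_ipv4(skb_network_header(skb), skb_headlen(skb), &s) == NF_DROP) {
        pr_info_ratelimited("tap: hook %u dropped malformed IPv4 header\n",
                            state->hook);
        return NF_DROP;
    }
    pr_debug("tap: hook %u proto %u len %u\n", state->hook, s.protocol, s.total_len);
    return NF_ACCEPT;  /* hand the packet on to the rest of the stack */
}

static struct nf_hook_ops tap_ops[] = {
    { .hook = tap_hook, .pf = NFPROTO_IPV4,
      .hooknum = NF_INET_PRE_ROUTING, .priority = NF_IP_PRI_FIRST },
    { .hook = tap_hook, .pf = NFPROTO_IPV4,
      .hooknum = NF_INET_LOCAL_OUT,   .priority = NF_IP_PRI_FIRST },
};

static int __init tap_init(void)
{
    return nf_register_net_hooks(&init_net, tap_ops, ARRAY_SIZE(tap_ops));
}

static void __exit tap_exit(void)
{
    nf_unregister_net_hooks(&init_net, tap_ops, ARRAY_SIZE(tap_ops));
}

module_init(tap_init);
module_exit(tap_exit);
MODULE_LICENSE("GPL");
#else
/* Constructed sample packets for user-space testing (not captured traffic). */
static const unsigned char pkt_udp[] = {        /* 10.0.0.1 -> 10.0.0.2, UDP */
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    10, 0, 0, 1,  10, 0, 0, 2,
    0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00 }; /* 8-byte UDP header */
static const unsigned char pkt_bad_ihl[] = {    /* IHL claims 24 bytes, 20 present */
    0x46, 0x00, 0x00, 0x14, 0, 0, 0, 0, 0x40, 0x06, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2 };
static const unsigned char pkt_v6[] = {         /* version nibble 6, not IPv4 */
    0x60, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    struct ipv4_summary s;
    unsigned int v = inspect_ipv4(pkt_udp, sizeof pkt_udp, &s);
    printf("udp sample: verdict %u proto %u len %u\n", v, s.protocol, s.total_len);
    printf("bad ihl: %u, ipv6 frame: %u\n",
           inspect_ipv4(pkt_bad_ihl, sizeof pkt_bad_ihl, NULL),
           inspect_ipv4(pkt_v6, sizeof pkt_v6, NULL));
    return 0;
}
#endif
```

Built with a one-line Kbuild makefile (`obj-m += tap.o`) and loaded with insmod, the module sees both directions of traffic the question asks about; `rmmod` unregisters the hooks, which gives the user the on/off switch the question wants. The hook only reads here. Rewriting data in a hook additionally requires making the skb writable (`skb_ensure_writable`) and recomputing the IP and transport checksums, otherwise the modified packet is discarded further down the stack or by the peer.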
