如何在内核的TCP层上拦截数据包以分析数据? [英] How to intercept packet on TCP layer in kernel to analyze data?
问题描述
我打算在内核中找到某些数据包数据并将其拦截(丢弃某些数据包或将其重定向).一种自然的方法是以某种方式捕获所有数据包,检查其数据并丢弃/重定向某些数据包.
I intend to find certain packet data in the kernel and intercept it (either drop certain packets or redirect them). A natural way is to somehow catch all packets, inspect their data and drop/redirect certain packets.
我试图直接在内核代码中拦截它们(点以将数据复制到用户空间中),但是不能在那里访问由服务器推送而没有请求的数据.
I have tried to intercept them directly in the kernel code (here, at the point to copy the data into user space) but the data that is pushed by the server without requests cannot be accessed there.
另一个选择可能是netfilter钩子,例如此帖子 .但是,这种钩子位于TCP层之下,似乎还没有解决重新排序和丢包的问题.
Another choice could be netfilter hooks like this post. However, such hook is below TCP layer and it seems that reordering and packet losing is not dealt with yet.
所以我想知道是否有任何优雅的解决方案来捕获数据包并在TCP层上对其进行操作?
So I'm wondering whether there are any elegant solutions to catch packet and operate on them upon TCP layer?
谢谢!
推荐答案
如果只想接收特定的东西而丢弃不匹配的东西,是否可以打开带有BFP过滤器的raw/tcp套接字?
If you want to receive only specific stuff and drop not matching stuff, could you open a raw/tcp socket with a BFP filter attached to it ?
例如- https://www.kernel.org/doc/Documentation/联网/filter.txt
这篇关于如何在内核的TCP层上拦截数据包以分析数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!