Reputation: 3463
Is there a netfilter hook that has the receiving socket already associated?
The NF_INET_LOCAL_OUT hook has skb->sk pointing to a struct sock for the socket that sent the packet. If there a hook that has it set for the socket that receives the packet? In the NF_INET_LOCAL_IN hook, skb->sk is null.
Will I have to use __inet_lookup_skb()? If so, what is the complexity of that function?
EDIT: looks like __inet_lookup_skb() is for TCP only, since there's no udp_hashinfo. I'm doing this for UDP initially.
Upvotes: 0
Views: 448
Answers (2)
Reputation: 5055
Just as a small addition:
The UDP input path is a bit different (from TCP):
NF_INET_LOCAL_IN hooks->
->ip_local_deliver_finish()->udp_rcv()->__udp4_lib_rcv()->__udp4_lib_lookup().
__udp4_lib_lookup() obtains struct sock for particular IP addresses and ports.
Of course on input path at L3 (where was your Netfilter hook) there is still no socket lookups (and therefore sockets). It is the job for transport layer and depends on specific protocol.
So yep in such cases LSM hooks come to the rescue. Also, depending on your needs, you can develop the appropriate kernel patch.
Upvotes: 1
Reputation: 3463
It seems there isn't, but for my case, the LSM hook socket_recvmsg was suitable. It gets a pointer to a struct sock, which points to the struct sk_buffs in the receive queue.
Upvotes: 0
Related Questions
- How can I "interconnect" two sockets in Linux?
- Netfilter hook stateful connection packet filtering
- Functionality to catch arriving connection on tcp port
- Attaching filter to raw sockets in Linux
- Linux kernel hook that knows the destination process of a socket
- marking packet for sending over raw socket
- attach filter to tcp socket in linux
- Drop sniffed packet on matching content
- linux netfilter pass the packet content to user space socket app
- c linux sockets: check for existing connections from client side