packet drop notifications -?

chcat
Since: Dec 08, 2011
Posts: 3



PostPosted: Thu Dec 08, 2011 7:24 am    Post subject: packet drop notifications -?
Archived from groups: comp.os.linux.networking


Hello,
I am looking for an approach to receive notifications in application
code when the Linux firewall drops a packet.
Can it be done without changes to kernel code?
Thanks....
Richard Kettlewell
Since: Feb 19, 2005
Posts: 189



PostPosted: Thu Dec 08, 2011 11:10 am    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

chcat writes:
> I am looking for the approach to receive notifications in application
> code when linux firewall drops the packet.
> Can it be done without changes in kernel code?
> Thanks....

Add a LOG rule before each DROP rule, and then monitor the kernel log
output.

--
http://www.greenend.org.uk/rjk/
Jorgen Grahn
Since: Feb 17, 2009
Posts: 70



PostPosted: Thu Dec 08, 2011 12:10 pm    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

On Thu, 2011-12-08, Richard Kettlewell wrote:
> chcat writes:
>> I am looking for the approach to receive notifications in application
>> code when linux firewall drops the packet.
>> Can it be done without changes in kernel code?
>> Thanks....
>
> Add a LOG rule before each DROP rule, and then monitor the kernel log
> output.

I seem to recall there are other actions which can be used too ...
Depends on what he wants to do.

(I once wanted to play a "plonk" sound every time, but never got
around to implementing it.)

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
chcat
Since: Dec 08, 2011
Posts: 3



PostPosted: Sat Dec 10, 2011 5:51 am    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

On Dec 8, 10:43 am, Richard Kettlewell wrote:
> chcat writes:
> > I am looking for the approach to receive notifications in application
> > code when linux firewall drops the packet.
> > Can it be done without changes in kernel code?
> > Thanks....
>
> Add a LOG rule before each DROP rule, and then monitor the kernel log
> output.
>
> --http://www.greenend.org.uk/rjk/

Are there other methods that wouldn't require changes to the existing
RULES? I am interested more in terms of programmatic "hooks"...
Thanks.
Jorgen Grahn
Since: Feb 17, 2009
Posts: 70



PostPosted: Sat Dec 10, 2011 1:10 pm    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

On Sat, 2011-12-10, chcat wrote:
> On Dec 8, 10:43 am, Richard Kettlewell wrote:
>> chcat writes:
>> > I am looking for the approach to receive notifications in application
>> > code when linux firewall drops the packet.
>> > Can it be done without changes in kernel code?
>> > Thanks....
>>
>> Add a LOG rule before each DROP rule, and then monitor the kernel log
>> output.

> Are there other methods that wouldn't require changes of existing
> RULES ? I am interested more in the terms of programmatic "hooks"...

Why would there be one? iptables(8) says

ACCEPT means to let the packet through. DROP means to drop the
packet on the floor. QUEUE means to pass the packet to
userspace.

They have little reason to add this functionality to DROP, when it's
already available and called QUEUE. (Not counting the many extension
targets, one of which may suit you better, depending on what you want
to do.)

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
chcat
Since: Dec 08, 2011
Posts: 3



PostPosted: Sun Dec 11, 2011 6:58 am    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

On Dec 10, 11:54 am, Jorgen Grahn wrote:
> On Sat, 2011-12-10, chcat wrote:
> > On Dec 8, 10:43 am, Richard Kettlewell wrote:
> >> chcat writes:
> >> > I am looking for the approach to receive notifications in application
> >> > code when linux firewall drops the packet.
> >> > Can it be done without changes in kernel code?
> >> > Thanks....
>
> >> Add a LOG rule before each DROP rule, and then monitor the kernel log
> >> output.
> > Are there other methods that wouldn't require changes of existing
> > RULES ? I am interested more in the terms of programmatic "hooks"...
>
> Why would there be one? iptables(8) says
>
>        ACCEPT means to let the packet through.  DROP means to drop the
>        packet on the floor.  QUEUE means to pass the packet to
>        userspace.
>
> They have little reason to add this functionality to DROP, when it's
> already available and called QUEUE. (Not counting the many extension
> targets, one of which may suit you better, depending on what you want
> to do.)
>
> /Jorgen
>
> --
>   // Jorgen Grahn <grahn@  Oo  o.   .     .
> \X/     snipabacken.se>   O  o   .

Sorry if I did not state the problem clearly enough...
An iptables firewall is already running on the system.
The application in question, or its user, cannot change iptables rules.
That's up to the firewall admin.
The application needs an approximate count of packets dropped by the
firewall per second.
Any suggestions?
Thanks in any case.
Jorgen Grahn
Since: Feb 17, 2009
Posts: 70



PostPosted: Sun Dec 11, 2011 11:10 am    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

On Sun, 2011-12-11, chcat wrote:
> On Dec 10, 11:54 am, Jorgen Grahn wrote:
>> On Sat, 2011-12-10, chcat wrote:
>> > On Dec 8, 10:43 am, Richard Kettlewell wrote:
>> >> chcat writes:
>> >> > I am looking for the approach to receive notifications in application
>> >> > code when linux firewall drops the packet.
>> >> > Can it be done without changes in kernel code?
>> >> > Thanks....
>>
>> >> Add a LOG rule before each DROP rule, and then monitor the kernel log
>> >> output.
>> > Are there other methods that wouldn't require changes of existing
>> > RULES ? I am interested more in the terms of programmatic "hooks"...
>>
>> Why would there be one? iptables(8) says
>>
>>        ACCEPT means to let the packet through.  DROP means to drop the
>>        packet on the floor.  QUEUE means to pass the packet to
>>        userspace.
>>
>> They have little reason to add this functionality to DROP, when it's
>> already available and called QUEUE. (Not counting the many extension
>> targets, one of which may suit you better, depending on what you want
>> to do.)

> Sorry if i did not state the problem clearly enough...
> Iptables firewall is already running on the system.
> The application in question, or its user cannot change iptables rules.
> That's up to firewall admin.

This sounds like a problem. I think it is unlikely that you'll find a
way to do things to the iptables which do not require the cooperation
of the admin.

> The application needs approximate count of packet drop by firewall per
> second.

That is a humble wish (little security or privacy impact) but it seems
unlikely that you can do anything unless you at least have access to
the logs.

Note though that I'm not an expert; perhaps someone else can explain
the issues better.

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
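Richard's LOG-before-DROP suggestion and chcat's request for a per-second drop count, carried through as an added example that is not from the thread: a small Python parser for the kernel log lines that an iptables LOG rule emits, which needs only read access to the log, not to the rules. The sample lines and the "FW-DROP" log prefix are constructed for this example; the LOG rule itself still has to be added by the firewall admin, as Jorgen notes.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines as produced by a rule such as
#   iptables -A INPUT -j LOG --log-prefix "FW-DROP: "   (placed just before the DROP rule)
# The "FW-DROP" prefix is an assumption chosen for this example.
SAMPLE_LOG = """\
Dec  8 07:24:01 gw kernel: [1001.10] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=44321 DPT=22 SYN
Dec  8 07:24:01 gw kernel: [1001.40] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=44322 DPT=23 SYN
Dec  8 07:24:01 gw kernel: [1001.90] FW-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=40 PROTO=UDP SPT=5353 DPT=5353
Dec  8 07:24:02 gw kernel: [1002.20] eth0: link up
Dec  8 07:24:02 gw kernel: [1002.50] FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=44323 DPT=25 SYN
Dec  8 07:24:04 gw kernel: [1004.00] FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

# syslog timestamp, host, "kernel:", optional printk time, log prefix, then KEY=VALUE fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[^\]]*\] )?"
    r"(?P<prefix>\S+): (?P<fields>.*)$"
)

def parse_log_line(line, prefix="FW-DROP"):
    """Return (syslog timestamp, {field: value}) for a matching LOG line, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("prefix") != prefix:
        return None          # unrelated kernel message, or a different LOG rule
    fields = {}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True   # bare flags such as SYN carry no value
    return m.group("ts"), fields

def drops_per_second(lines, prefix="FW-DROP"):
    """Count logged drops keyed by the one-second syslog timestamp (the OP's rate)."""
    counts = Counter()
    for line in lines:
        parsed = parse_log_line(line, prefix)
        if parsed:
            counts[parsed[0]] += 1
    return dict(counts)

def drops_by_src(lines, prefix="FW-DROP"):
    """Count logged drops per source address, useful for spotting one noisy peer."""
    counts = Counter()
    for line in lines:
        parsed = parse_log_line(line, prefix)
        if parsed:
            counts[parsed[1].get("SRC", "?")] += 1
    return dict(counts)
```

On a live system, feed the functions lines from the kernel log (for example /var/log/kern.log or `journalctl -k -f`) instead of SAMPLE_LOG; the LOG target's rate limiting (`-m limit`), if the admin uses it, makes the count approximate, which is what the OP asked for.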
Jamma Tino Schwarze
Since: Dec 13, 2011
Posts: 1



PostPosted: Tue Dec 13, 2011 12:10 pm    Post subject: Re: packet drop notifications -?
Archived from groups: per prev. post

Hi chcat,

chcat wrote:

> I am looking for the approach to receive notifications in application
> code when linux firewall drops the packet.

You want the notification exactly where? In sending application? Then
don't use DROP, use REJECT. It causes ICMP replies to be sent.

Jamma.

--
"What we nourish flourishes." - "Was wir nähren erblüht."

www.tisc.de
All times are: Eastern Time (US & Canada)