I am implementing a packet filtering mechanism by detecting some "bad" packets and suitably dropping them when there is an overload of packets on the router. I am working with Linux Network Stack and using netfilter hooks for my implementation In this regard I want to manipulate packet receive queues to "mark" packets and possibly drop those bad packets. How can I manipulate packet receive queues.Basically I want to drop all "bad" packets in the receive queues. Will using libnetfilter_queue api's help ?
1 Answers
1
votes
Based on my knowledge, there is currently no (easy) way to drop packets already queued by the kernel. When I have been in the need of something similar to you, I have gone for one of two approaches.
1) Marked my packets at the earliest possible convenience (for example in table taw and then PREROUTING), and then dropped them when they passed through a later table. In order to detect a mark, add "-m mark --mark YOUR MARK HERE" to your DROP-rule.
2) Used the NFQUEUE target to send packets to user space (or relevant information) and then do filtering there. To process packets in user space, I recomend libnetfilter_queue
