This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug translator/13667] New: expose netfilter hook

From: "fche at redhat dot com" <sourceware-bugzilla at sourceware dot org>
To: systemtap at sourceware dot org
Date: Mon, 06 Feb 2012 16:30:40 +0000
Subject: [Bug translator/13667] New: expose netfilter hook
Auto-submitted: auto-generated

http://sourceware.org/bugzilla/show_bug.cgi?id=13667

             Bug #: 13667
           Summary: expose netfilter hook
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
        AssignedTo: systemtap@sourceware.org
        ReportedBy: fche@redhat.com
    Classification: Unclassified


The netfilter hook mechanism is a legacy linux kernel mechanism
that (in the absence of tracepoints) could be an attractive
alternative to kprobes for monitoring or even manipulating
network traffic.  See <linux/netfilter.h>, net/netfilter/core.c
nf_iterate().

Possible basic probe point syntax:

probe netfilter.hook  {
    do_something_with ($skb, $in, $out)
    # dunno what to do with $okfn
    $verdict = NF_DROP
}

With extensions expressed as filters on those $values possibly
expressed as:

probe netfilter.hook.sk_family("PF_INET").indev("eth0").outdev("eth0") { 
    do_something_with ($skb)
    $verdict = NF_QUEUE|nf_queue_number(4)
}

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Bug translator/13667] expose netfilter hook
  - From: cmeek at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]