Network traffic analysis - Kernel level - please help

[duten_max]

Hi everybody,

I´m actually carrying an internship and I would like to make some traffic analysis on a Kernel level. My first goal is to build a loadable module to count how many packets go throught eth0 during a short time and to save this packets somewhere (maybe in a created /proc/<my_folder> folder). I read about net_device and net_device stat but I can´t find any .c to see how it works. So I´ve two questions:

[1]Do you think net_device is the good way to do it?
[2]Do you know where I could find any examples?

/* Config */
2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux

Thank you for helping!

[duten_max]

Anybody? No idea?

[agent_0range]

You probably want to look at the NETFILTER post-routing hook. It is a built in interception point where you could check the intended destination interface of a packet by inspecting skb->dev.

Shouldn't be a concern for this particular task but I recently found out there was a significant change in 2.6.31+ in the way the kernel uses net_device. Much of the funtionality (callbacks etc) is now in net_device_ops.


I strongly suggest the books "Linux Device Drivers" and "Linux Network Internals" (both O'Reilly books)

[duten_max]

Thank you for your answer.
I have the first book but I don´t know the second one, i´ll tri to find it.