Hi,

I'm developing a proxy system for TCP handshakes. Essentially, it's a similar 
system to a TRAP server where SYN packets will be handled by a proxy server and 
once the handshake completes, the connection gets handed off to the actual 
server. In my implementation, I have a few extra functionalities I'm adding in 
which require me to notify a third party once a valid handshake ACK is 
received. However, I'm unable to find a way to verify an incoming ACK packet.

My initial implementation was using NFQueue and iptables in user space, where 
I'll simply intercept ACK packets with the ESTABLISHED state (iptables 
--tcp-flags SYN,ACK,... ACK -m state --state ESTABLISHED) and queue them to one 
of the netfilter queues, where I then ensure that they don't have a payload 
(therefore confirming it is a handshake packet with the ACK flag; currently 
ignoring things like TCP Fast Open, where the payload is included in the 
handshake ACK packet).

If iptables can access the connection tracking tables, then that means it is 
possible from a netfilter kernel module. I'm just not sure how. I've got a 
general concept of how networking works in the Linux kernel but am a bit 
clueless on the actual implementation. Any help?

-- Swarm
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
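As an added illustration (my own example, not code from the thread or from the poster's proxy): the "ACK with no payload" test the question applies in user space behind NFQueue, written as a plain C function over a raw IPv4/TCP buffer so it runs without netfilter. Sample packets are constructed in the block; the header-length checks mean a truncated packet or one carrying IP/TCP options cannot be misread as a bare handshake ACK.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_RST = 0x04, TCP_ACK = 0x10 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a raw IPv4/TCP packet the way the ESTABLISHED-state filter in the
 * question does: 1 = pure ACK carrying no payload (the shape of the third
 * handshake packet, TCP Fast Open excluded), 0 = any other TCP segment,
 * -1 = not IPv4/TCP, or header lengths inconsistent with the buffer. */
int is_handshake_ack(const uint8_t *pkt, size_t len)
{
    size_t iphl, tcphl, total;
    uint8_t flags;
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    iphl  = (size_t)(pkt[0] & 0x0f) * 4;            /* IHL, in 32-bit words */
    total = rd16(pkt + 2);                          /* IP total length      */
    if (iphl < 20 || total < iphl + 20 || total > len) return -1;
    if (pkt[9] != 6) return -1;                     /* IP protocol: TCP     */
    tcphl = (size_t)(pkt[iphl + 12] >> 4) * 4;      /* TCP data offset      */
    if (tcphl < 20 || iphl + tcphl > total) return -1;
    flags = pkt[iphl + 13];
    if (!(flags & TCP_ACK)) return 0;
    if (flags & (TCP_SYN | TCP_FIN | TCP_RST)) return 0;
    return (total - iphl - tcphl) == 0;             /* payload must be empty */
}

/* Constructed sample: minimal IPv4+TCP, no options, zero checksums; returns bytes written or 0. */
size_t build_packet(uint8_t *buf, size_t cap, uint8_t flags, size_t payload_len)
{
    size_t total = 40 + payload_len;
    if (total > cap || total > 0xffff) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                                  /* version 4, IHL 5     */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 64; buf[9] = 6;                        /* TTL, protocol TCP    */
    buf[32] = 0x50; buf[33] = flags;                /* data offset 5, flags */
    memset(buf + 40, 'x', payload_len);
    return total;
}

/* Build a sample, drop `cut` trailing bytes (simulated truncation), classify. */
int classify_sample(uint8_t flags, size_t payload_len, size_t cut)
{
    uint8_t p[128];
    size_t n = build_packet(p, sizeof p, flags, payload_len);
    return n > cut ? is_handshake_ack(p, n - cut) : -1;
}
```

In a netfilter hook the same two inputs come from ip_hdr()/tcp_hdr() on the skb and from nf_ct_get() for the conntrack state, rather than from a flat buffer. A payload-less ACK is also the shape of an ordinary mid-connection acknowledgment, so this test narrows candidates but on its own does not prove that a handshake has just completed.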
