The Outgoing and Incoming Network Packets Intercepting Method

Authors: M. V. Filippov, N. Yu. Ryazanova, B. I. Ryazantsev

With the rapid growth of computer network capacity, the information security of local networks connected to global networks has become a critical challenge. One aspect of information security is controlling and filtering network traffic by intercepting incoming and outgoing network packets, which is the job of firewalls. The Linux 2.4.x kernel included the Netfilter firewall and the iptables utility, which allow only the packet headers and the packets' association with specific network connections to be analysed. In addition, the practice of rewriting Linux kernel code complicates maintenance of the software written for this firewall.

The article proposes a network packet interception method based directly on the structures and functions of the kernel, so it is not limited by the inherent Netfilter/iptables functionality. Interception uses the kernel's struct net_device structure, which describes a network device, and the struct net_device_ops structure, which lists the operations possible on the network device, together with two functions: ndo_start_xmit and rx_handler, which process outgoing and incoming packets, respectively. These functions are rewritten to add new functionality to the kernel that meets users' requirements. Building on the kernel's own structures and functions gives the developed software the desired stability, versatility and adaptability to users' requirements, such as content analysis of the data transmitted in packets and their encryption and decryption. The proposed method can be used to create next-generation firewalls implementing deep packet inspection, or as a complement to existing firewalls.
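The following is an added example, not code from the paper or from the Linux kernel. It is a user-space C model of the interception design the abstract describes: a device carries an operations table (a stand-in for struct net_device_ops), the interceptor copies that table, replaces the ndo_start_xmit entry with a wrapper that inspects the frame before handing it to the original driver routine, and registers an rx_handler that returns a pass/consume verdict for incoming frames (in a real kernel module the latter is done with netdev_rx_handler_register()). The packet parser walks Ethernet/IPv4/{TCP,UDP} headers to reach the payload, which is what the abstract means by content analysis beyond what header-only filtering can see. All type names, the "CONFIDENTIAL" marker policy and the constructed UDP frame are assumptions made for this example; the counters take the place of the kernel's kfree_skb() and statistics.

```c
/* User-space model of ndo_start_xmit / rx_handler interception (constructed example,
 * not kernel code). Type names are stand-ins for the kernel structures. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NETDEV_TX_OK 0
enum rx_verdict { RX_CONSUMED, RX_PASS };   /* mirrors the kernel's rx_handler_result_t */

struct skb { const uint8_t *data; size_t len; };    /* stand-in for struct sk_buff */
struct net_dev;
struct net_dev_ops { int (*ndo_start_xmit)(struct skb *, struct net_dev *); };
struct net_dev {
    const struct net_dev_ops *netdev_ops;           /* driver's operation table */
    enum rx_verdict (*rx_handler)(struct skb *, struct net_dev *);
    unsigned long tx_sent, tx_dropped, rx_passed, rx_dropped;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Locate the L4 payload of an Ethernet/IPv4/{TCP,UDP} frame. Returns the payload
 * length, or 0 when the frame is not IPv4 TCP/UDP or any header is truncated. */
static size_t l4_payload(const struct skb *s, const uint8_t **payload)
{
    const uint8_t *p = s->data;
    if (s->len < 14 + 20 || be16(p + 12) != 0x0800) return 0;   /* EtherType IPv4 */
    const uint8_t *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || 14 + tot > s->len) return 0;
    const uint8_t *l4 = ip + ihl;
    size_t l4len = tot - ihl, hdr, minhdr;
    if (ip[9] == 6)       { minhdr = 20; if (l4len < 20) return 0; hdr = (size_t)(l4[12] >> 4) * 4; }
    else if (ip[9] == 17) { minhdr = 8;  hdr = 8; }
    else return 0;
    if (hdr < minhdr || hdr > l4len) return 0;
    *payload = l4 + hdr;
    return l4len - hdr;
}

/* Content policy (constructed for this example): drop any TCP/UDP payload carrying
 * the marker string. A real DPI engine would apply proper signatures instead. */
static const char MARKER[] = "CONFIDENTIAL";
static int payload_violates_policy(const struct skb *s)
{
    const uint8_t *pl = NULL;
    size_t n = l4_payload(s, &pl), m = sizeof MARKER - 1;
    for (size_t i = 0; n >= m && i + m <= n; i++)
        if (memcmp(pl + i, MARKER, m) == 0) return 1;
    return 0;
}

/* --- the unmodified "driver": its xmit just counts the frame as sent --- */
static int driver_xmit(struct skb *s, struct net_dev *d) { (void)s; d->tx_sent++; return NETDEV_TX_OK; }
const struct net_dev_ops driver_ops = { driver_xmit };

/* --- interception: wrap ndo_start_xmit, add an rx_handler --- */
static int (*orig_xmit)(struct skb *, struct net_dev *);
static struct net_dev_ops hooked_ops;

static int filtering_xmit(struct skb *s, struct net_dev *d)
{
    if (payload_violates_policy(s)) {
        d->tx_dropped++;        /* kernel code would kfree_skb() here... */
        return NETDEV_TX_OK;    /* ...and still report OK so the TX queue is not stalled */
    }
    return orig_xmit(s, d);     /* otherwise hand the frame to the real driver */
}
static enum rx_verdict filtering_rx(struct skb *s, struct net_dev *d)
{
    if (payload_violates_policy(s)) { d->rx_dropped++; return RX_CONSUMED; }
    d->rx_passed++;
    return RX_PASS;
}

/* Install hooks: copy the ops table, swap the xmit entry, repoint the device at the
 * copy, and attach the rx handler (kernel: netdev_rx_handler_register()). */
void install_hooks(struct net_dev *d)
{
    hooked_ops = *d->netdev_ops;
    orig_xmit = hooked_ops.ndo_start_xmit;
    hooked_ops.ndo_start_xmit = filtering_xmit;
    d->netdev_ops = &hooked_ops;
    d->rx_handler = filtering_rx;
}

/* Entry points the network stack would call for each direction. */
int dev_transmit(struct net_dev *d, struct skb *s) { return d->netdev_ops->ndo_start_xmit(s, d); }
enum rx_verdict dev_receive(struct net_dev *d, struct skb *s)
{
    return d->rx_handler ? d->rx_handler(s, d) : RX_PASS;
}

/* Build a constructed Ethernet/IPv4/UDP frame carrying `text` as the UDP payload
 * (addresses, ports and checksums left zero; the parser does not need them). */
size_t build_udp_frame(uint8_t *out, const char *text)
{
    size_t n = strlen(text), iplen = 20 + 8 + n;
    memset(out, 0, 14 + iplen);
    out[12] = 0x08; out[13] = 0x00;                               /* EtherType IPv4 */
    uint8_t *ip = out + 14;
    ip[0] = 0x45; ip[2] = (uint8_t)(iplen >> 8); ip[3] = (uint8_t)iplen; ip[8] = 64; ip[9] = 17;
    uint8_t *udp = ip + 20;
    udp[4] = (uint8_t)((8 + n) >> 8); udp[5] = (uint8_t)(8 + n);    /* UDP length */
    memcpy(udp + 8, text, n);
    return 14 + iplen;
}
```

Before install_hooks() runs, every frame reaches driver_xmit; afterwards the wrapper sees each outgoing frame first and the rx handler sees each incoming one, so the same content policy is applied in both directions without touching Netfilter. The wrapper returns NETDEV_TX_OK even for a dropped frame, which is the behaviour a kernel driver must preserve so the queue discipline does not requeue or stall.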
