LinuxFest Northwest 2015

Bellingham, WA April 25th & 26th

Deep-Packet Inspection in Userspace

nominalx's picture

Have you ever wondered how to get data from the kernel (or IPtables) into userspace to be parsed by application?  

Did you want to create your own firewalling application that did something more than print out protocol headers or to drop a packet when a specific condition was met (unlike a libpcap application)?  

Then I present to you some of the challenges when doing so and some techniques to get started using Opensource libraries (LGPL and GPL).  This is not necessarily for the faint of heart, but I will attempt to ease the pain by coaching you through general tasks such as incrementing pointers & structs through a protocol header, counting bytes, and the overall process to create a Deep-Packet inspection application.

Presenter's past work ranges from industrial network protocol security to future Masters work securing routing protocols and federated router identities. 


Experience level: 




Session Time Slot(s): 


2014-04-26 13:30-2014-04-26 14:50



Allowed Types: