Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please support "Linux Netfilter NFLOG" #17

Open
NeptuneNeptune opened this issue Sep 28, 2021 · 2 comments
Open

Please support "Linux Netfilter NFLOG" #17

NeptuneNeptune opened this issue Sep 28, 2021 · 2 comments

Comments

@NeptuneNeptune
Copy link

NeptuneNeptune commented Sep 28, 2021
edited
Loading

I captured packets through following codes on Android devices
`
iptables -A OUTPUT -p udp --dport 53 -j CONNMARK --set-mark ${userId}

iptables -A OUTPUT -m owner --uid-owner ${userId} -j CONNMARK --set-mark ${userId}

iptables -A INPUT -m connmark --mark ${userId} -j NFLOG --nflog-group ${userId}

iptables -A OUTPUT -m connmark --mark ${userId} -j NFLOG --nflog-group ${userId}

nohup tcpdump -i nflog:${userId} -w ${pcapPath} > /dev/null 2>&1 &
`
but I cannot analyse this pcap, because the packet wrapped by "Linux Netfilter NFLOG".
@davidmcgrew
Copy link
Member

I think you are suggesting that mercury support the PCAP LINKTYPE for Netfilter https://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html, and parse the packet payload from that LINKTYPE and apply normal packet processing to it. Is that right? Thanks!

@davidmcgrew
Copy link
Member

Hi NeptuneNeptune, mercury recently added support for multiple linktypes (but not NFLOG yet). Are you still interested in this issue? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidmcgrew @NeptuneNeptune