Lantern is a lightweight packet analyzer that also supports blocking source and destination IP addresses. This is achieved through the interaction between a kernel module and a GUI application
β
IPv4 & IPv6
β
TCP & UDP
β
ICMPv6 & IGMP
β All other protocols not mentioned above
π― Block/unblock IPs (currently only a context menu and message box are available)
π― Implement proper multithreading in the user-mode application (using thread pools)
π― Support for additional protocols
π― Display more detailed information when a packet is selected
The column "CPU #" shows the cpu that called the hook function (
capture(), in the driver source code)
The driver, currently named packet_sniffer.c, is responsible for reading network packets using a Netfilter hook. This hook, called NF_INET_PRE_ROUTING, is triggered right after packets enter the kernel's network stack. With this hook, it's possible to re-route, accept, or drop the packet.
Each packet is collected in a buffer, which is then copied to a user-space buffer using device_read (via a character device).
The user-mode application reads a specified number of bytes from the character device, with the kernel driver ensuring that only a fixed maximum amount of data is copied.
- Tested on Linux v6.9 and v6.10 (atm)
- You will also need to have wxWidget installed
Compile and execute with:
make && make runEach action requires sudo privileges - at least for now.
You can also remove the generated files:
make clean
The kernel module will be compiled, loaded and automatically unloaded when the application exits.