How to intercept packet on TCP layer in kernel to

Posted 2019-07-12 20:30

Question:

I intend to find certain packet data in the kernel and intercept it (either drop certain packets or redirect them). A natural way is to somehow catch all packets, inspect their data and drop/redirect certain packets.

I have tried to intercept them directly in the kernel code (here, at the point to copy the data into user space) but the data that is pushed by the server without requests cannot be accessed there.

Another choice could be netfilter hooks like this post. However, such a hook is below the TCP layer and it seems that reordering and packet loss are not dealt with yet.

So I'm wondering whether there are any elegant solutions to catch packets and operate on them upon the TCP layer?

Thanks!

Answer 1:

If you want to receive only specific stuff and drop not matching stuff, could you open a raw/tcp socket with a BPF filter attached to it?

Ex - https://www.kernel.org/doc/Documentation/networking/filter.txt