[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: help tcp packet filetering
On Thu, Apr 06, 2000 at 12:53:07PM +0530, Pramodh B N wrote:
> hey everybody,,
> i am working on a project which involves me to capture ip packet and check
> the address and again send that packet.. (firewall implementation)
> can anybody help me out in this thing..
> i have downloaded a program called sniffit.. now i can see the packets but
> i want a program which can get the packet and then check it and send that
Linux already provides such functionality. But if you'd like to reimplement
it for an academic project, you'll have to write a kernel module, that
implements this algorithm.
The rules themseleves can be fed to the kernel module using a user level
You may also want to try divert(4) sockets on FreeBSD.
The above API allows you to implement your firewall as a user level process.
Yes, it's a little bit slower than the kernel mechanism, but is easier to
maintain, debug and port.
Both ipfw and natd on *BSD use the above mechanism.
PS: If access to BSD cdroms is an issue, it is very easily solvable :)