
Re: help tcp packet filtering

On Thu, Apr 06, 2000 at 12:53:07PM +0530, Pramodh B N wrote:


> hey everybody,
> i am working on a project which involves me to capture ip packet and check
> the address and again send that packet.. (firewall implementation)
> can anybody help me out in this thing..
> i have downloaded a program called sniffit.. now i can see the packets but
> i want a program which can get the packet and then check it and send that
> packet..

Linux already provides such functionality. But if you'd like to reimplement
it for an academic project, you'll have to write a kernel module that
implements this algorithm.

The rules themselves can be fed to the kernel module using a user level

You may also want to try divert(4) sockets on FreeBSD.


The above API allows you to implement your firewall as a user level process.
Yes, it's a little bit slower than the kernel mechanism, but is easier to
maintain, debug and port.

Both ipfw and natd on *BSD use the above mechanism. 


PS: If access to BSD cdroms is an issue, it is very easily solvable :)
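
Added example (not part of the original message, and not code from ipfw or natd): a sketch in C of the user-level approach the reply describes, where a process reads each packet from a FreeBSD divert(4) socket, checks the IPv4 source address, and sends the packet back only if it passes. The rule format, the names `check_packet` and `run_filter`, and the sample packets are assumptions made for illustration; the divert loop is compiled only on FreeBSD.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Hypothetical rule format: drop IPv4 packets whose source is in net/mask. */
struct rule { uint32_t net, mask; };              /* host byte order */
const struct rule rules[] = { { 0x0a000000u, 0xff000000u } };   /* 10.0.0.0/8 */
/* Constructed 20-byte IPv4 headers (checksums left zero): sources 10.1.2.3 and 192.0.2.7. */
const uint8_t pkt_blocked[20] = { 0x45,0,0,20, 0,0,0,0, 64,6,0,0, 10,1,2,3, 192,0,2,1 };
const uint8_t pkt_allowed[20] = { 0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,7, 192,0,2,1 };

/* Return 1 to send the packet on, 0 to drop it. Anything malformed is dropped. */
int check_packet(const uint8_t *pkt, size_t len, const struct rule *r, size_t n)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;   /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length in bytes */
    if (ihl < 20 || ihl > len) return 0;
    uint32_t src;
    memcpy(&src, pkt + 12, 4);                      /* source address field */
    src = ntohl(src);
    for (size_t i = 0; i < n; i++)
        if ((src & r[i].mask) == r[i].net) return 0;
    return 1;
}

#ifdef __FreeBSD__
/* Receive diverted packets on `port`, check each, reinject the ones that pass. */
int run_filter(uint16_t port)
{
    uint8_t buf[65535];
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(port) };
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) return -1;
    for (;;) {
        struct sockaddr_in from; socklen_t flen = sizeof from;
        ssize_t len = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
        if (len < 0) return -1;
        if (check_packet(buf, (size_t)len, rules, 1))   /* not re-sent means dropped */
            sendto(s, buf, (size_t)len, 0, (struct sockaddr *)&from, flen);
    }
}
#endif

int main(void)
{   /* self-check on the constructed packets; call run_filter() on FreeBSD */
    return check_packet(pkt_blocked, 20, rules, 1) || !check_packet(pkt_allowed, 20, rules, 1);
}
```

Packets reach the socket only when an ipfw divert rule sends them to the bound port, and passing the address returned by `recvfrom` back to `sendto` reinjects the packet in the direction it was travelling.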