
[betoyi@xxxxxxx: help tcp packet filetering]

You probably wanted to send it to LIP. So I'm forwarding it there.
All those mechanisms use raw TCP/IP sockets, bug-to-bug compatible
with the BSD socket implementation. See:


However, if you use that mechanism for doing TCP packet filtering,
you'll have to examine *all* IP packets. Using the divert(4) 
mechanism in BSD that I mailed a pointer to earlier, you can limit
yourself to TCP packets addressed to a particular port -- which
is great for doing things like NAT at the user level.

--- Begin Message ---
>Date: Sat, 8 Apr 2000 16:11:29 -0700
>From: Arun Sharma <adsharma@xxxxxxxxxxxxxxx>
>To: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
>Subject: Re: [LIP] help tcp packet filetering
>X-Mailer: Mutt 0.95.6i
>List-Help: http://lists.linux-india.org/lists/LIP
>List-Owner: mailto:linux-india-programmers-owner@xxxxxxxxxxxxxxxxxxxxx
>List-Archive: http://lists.linux-india.org/cgi-bin/wilma/LIP
>Sender: linux-india-programmers-owner@xxxxxxxxxxxxxxxxxxxxx
>Reply-To: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
>On Thu, Apr 06, 2000 at 12:53:07PM +0530, Pramodh B N wrote:
>> hey everybody,
>> I am working on a project which requires me to capture an IP packet, check
>> the address and send that packet again (firewall implementation).
>> Can anybody help me out with this?
>> I have downloaded a program called sniffit. Now I can see the packets, but
>> I want a program which can get the packet, check it and then send that
>> packet.
>Linux already provides such functionality. But if you'd like to reimplement
>it for an academic project, you'll have to write a kernel module that
>implements this algorithm.
>The rules themselves can be fed to the kernel module using a user level
>You may also want to try divert(4) sockets on FreeBSD.
>The above API allows you to implement your firewall as a user level process.
>Yes, it's a little bit slower than the kernel mechanism, but is easier to
>maintain, debug and port.
>Both ipfw and natd on *BSD use the above mechanism. 
>	-Arun
>PS: If access to BSD cdroms is an issue, it is very easily solvable :) 
For Pramod B.N.
-->I am a master of comp. sc. student. We have done a similar project as a part
of our advanced networks course. We called it the packet sniffer. We
implemented it on Linux, in C, using Fdesign for the front end. If you are doing
it in C, it is very easy, and a lot of source code is available on the
internet itself. We had used threads and spawning. It turned out to be fine.
Try searching for "packet sniffers" on the net. Also, look for the RFCs as
given in Tanenbaum's book on the TCP, UDP and ICMP protocols. We had only
implemented the above 3; you could also try ARP and RARP etc. It was two of
us, and the project took about 2 months. So that shouldn't be very difficult.
Only we didn't do any kernel-level programming, directly system level using
system calls etc.
Hope this is of some help. I am currently away from home, doing my project, so
I don't have access to my code or anything.
--sincerely, Betoyi


--- End Message ---
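The user-level firewall that Arun suggests and that the forwarding note contrasts with raw-socket sniffing, written out as an added example. This is my code, not from the message and not from ipfw or natd: the verdict logic (parse the IPv4 and TCP headers, match against a rule table, drop anything malformed) is plain C and compiles anywhere, while the divert(4) read/decide/re-inject loop is compiled only on FreeBSD. Assumed rather than taken from the thread: divert port 8668, the example `ipfw` rule in the comment, a policy of dropping TCP to port 23, and the constructed packets used for the self-check. The socket call is the classic `PF_INET`/`IPPROTO_DIVERT` form of the era; check divert(4) on your release, since newer FreeBSD versions also document a `PF_DIVERT` domain.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>    /* inet_pton, htons */
#include <netinet/in.h>   /* IPPROTO_TCP, sockaddr_in, IPPROTO_DIVERT on FreeBSD */

enum verdict { DROP = 0, PASS = 1 };

/* One rule: drop TCP to dst_addr:dst_port; dst_addr 0 (0.0.0.0) matches any host. */
struct rule { uint32_t dst_addr; uint16_t dst_port; };

/* Decide the fate of one IPv4 packet as handed over by the kernel (IP header
 * first). Anything truncated or self-inconsistent is dropped: a firewall that
 * trusts the IHL or length fields of a hostile packet reads past its buffer.
 * Non-TCP traffic passes untouched; the ipfw rule should only divert TCP. */
enum verdict filter_packet(const unsigned char *pkt, size_t len,
                           const struct rule *rules, size_t nrules)
{
    if (len < 20) return DROP;                             /* shorter than a minimal IP header */
    unsigned version = pkt[0] >> 4, ihl = (pkt[0] & 0x0f) * 4u;
    if (version != 4 || ihl < 20 || ihl > len) return DROP;
    size_t total_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (total_len < ihl || total_len > len) return DROP;   /* length field lies */
    if (pkt[9] != IPPROTO_TCP) return PASS;
    if (ihl + 20 > total_len) return DROP;                 /* no room for a TCP header */
    const unsigned char *tcp = pkt + ihl;
    unsigned doff = (tcp[12] >> 4) * 4u;
    if (doff < 20 || ihl + doff > total_len) return DROP;
    uint32_t dst_addr;
    memcpy(&dst_addr, pkt + 16, 4);                        /* kept in network byte order */
    uint16_t dst_port = (uint16_t)((tcp[2] << 8) | tcp[3]);
    for (size_t i = 0; i < nrules; i++)
        if ((rules[i].dst_addr == 0 || rules[i].dst_addr == dst_addr) &&
            rules[i].dst_port == dst_port)
            return DROP;
    return PASS;
}

/* Constructed test input: a bare IPv4/TCP SYN with zero checksums (the filter
 * never verifies them). Returns the packet length. */
size_t build_tcp_syn(unsigned char *buf, const char *src, const char *dst,
                     uint16_t sport, uint16_t dport)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;  buf[3] = 40;  buf[8] = 64;  buf[9] = IPPROTO_TCP;   /* v4, IHL 5, len 40, TTL 64 */
    inet_pton(AF_INET, src, buf + 12);
    inet_pton(AF_INET, dst, buf + 16);
    buf[20] = sport >> 8;  buf[21] = sport & 0xff;
    buf[22] = dport >> 8;  buf[23] = dport & 0xff;
    buf[32] = 0x50;  buf[33] = 0x02;                                     /* data offset 5, SYN */
    return 40;
}

/* Exercises the verdict logic on constructed packets; returns how many of the
 * four expected verdicts came out right, so main() can show it on any OS. */
int check_verdicts(void)
{
    const struct rule rules[] = { { 0, 23 } };             /* assumed policy: no telnet anywhere */
    unsigned char b[64];
    int ok = 0;
    size_t n = build_tcp_syn(b, "10.0.0.1", "10.0.0.2", 40000, 23);
    ok += filter_packet(b, n, rules, 1) == DROP;           /* matches the rule */
    n = build_tcp_syn(b, "10.0.0.1", "10.0.0.2", 40000, 80);
    ok += filter_packet(b, n, rules, 1) == PASS;           /* no rule for port 80 */
    ok += filter_packet(b, 19, rules, 1) == DROP;          /* truncated on the wire */
    b[0] = 0x4f;                                           /* IHL claims 60 bytes in a 40-byte packet */
    ok += filter_packet(b, n, rules, 1) == DROP;
    return ok;
}

#if defined(__FreeBSD__) && defined(IPPROTO_DIVERT)
#include <sys/socket.h>
/* FreeBSD only. ipfw hands every packet matching a rule such as
 *   ipfw add 100 divert 8668 tcp from any to any
 * to whoever is bound to divert port 8668. We read it, decide, and either
 * re-inject it with sendto() using the sockaddr that recvfrom() filled in (so
 * it resumes at the next ipfw rule) or just don't, which drops it. */
static int run_divert(uint16_t divert_port, const struct rule *rules, size_t nrules)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);    /* classic form; see divert(4) for PF_DIVERT */
    struct sockaddr_in me = { .sin_family = AF_INET, .sin_port = htons(divert_port) };
    if (fd < 0 || bind(fd, (struct sockaddr *)&me, sizeof me) < 0) { perror("divert"); return 1; }
    static unsigned char pkt[65535];
    for (;;) {
        struct sockaddr_in from; socklen_t fromlen = sizeof from;
        ssize_t n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) { perror("recvfrom"); continue; }
        if (filter_packet(pkt, (size_t)n, rules, nrules) == PASS)
            sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&from, fromlen);
    }
}
#endif

int main(void)
{
#if defined(__FreeBSD__) && defined(IPPROTO_DIVERT)
    const struct rule rules[] = { { 0, 23 } };
    return run_divert(8668, rules, 1);
#else
    printf("verdict checks passed: %d of 4\n", check_verdicts());
    return 0;
#endif
}
```

The point the forwarding note makes about scope is carried by the `ipfw` rule, not the program: narrow the rule (for example `tcp from any to any 80`) and the process only ever sees traffic to that port, whereas a raw or `SOCK_PACKET` sniffer has to look at every IP packet and can only observe, never withhold. The length checks in `filter_packet` are the part a student project usually skips; they are what keeps a crafted packet with a bogus IHL or data offset from turning the filter itself into the vulnerable component.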