I want to do something in this way:

All ip packets sent to a host A will be captured in A before the packets
are passed to the high layer, i.e. the TCP or APP.

And, all ip packets sent from A to some other host will be captured in
low layer in A, i.e. Link layer, then the packet will be transferd.

that means i can do something before a packet is passed to the TCP or APP and the same as before it is passed to the Link layer.

I think, if i rewrite the ip stack in kernel, i can do it.
but, is there a simple method to do this? for example, writing a module or a program, when i load the module or run the program, all will be ok.

it is seem to be more difficult. and what is about the windows. i can't rebuild the windows.

would you like to give me some suggestions?

What about looking some firewall source code and see how it is done ?

good idea. but that is a different way.

i want do it on the source host, not a intermedia host.

How?

This is not a different way, a firewall can sit anywhere, on the server, the client, or a machine between.

you are right, and that is a very good way to do this,
i am so sorry for my ignorantness.

and, would you like to give me some directions about how to
get some source code about a firewall.


thx any way.

You should first tell on what O/S you want your intercepting code to run.
Then I'm sure google will help you finding source code.

I have found one from google.

So kind of you.

I have read some firewall source code of linux, but almost of them base on
the linux utility iptables, that means i can't change any ip packet and only
can make a decision of droping of accepting.

that is so discouraged.

is there one which does not base on iptables? where to get it?

Try googling for "Roll your own firewall with netfilter", it's a Linuxjournal article that does something similar.

Also, I believe phrack.... 55 was it? had something on the matter too...