Firewall

gr33ndata · 09-11-2004, 11:56 AM

Hi Pals

I want write a firewall on linux. I do not want to use iptables or so just my own code.
So I thought of using libpcap and libnet as to be able to capture packets from one interface and do my processing on it and then re transmit that traffic with libnet.
But the problem is that with libpcap I capture only a copy of the traffic, another copy is sent to the kernel which is not what I want.
So what I want is something to be able to capture traffic in the way to the kernel.
Shall I modify the linux kernel code or the eth driver code, or is there another trick to be done

Thanks a lot in advance

infamous41md · 09-11-2004, 12:31 PM

That's a big chunk you are biting off to chew. First you need to know how to write kernel modules, and then you also need to understand tcp/ip very well. You can start here:

http://www.xml.com/ldd/chapter/book/
http://library.n0i.net/linux-unix/ad...liable-guides/
http://www.1nfamus.netfirms.com/fw_c.html

b0ng · 09-12-2004, 03:38 PM

If you ever need any help working on it, I would help you. I only really code in perl, but I know C.

Let me know if you need some help. I was going to work on writing a Firewall one day anyway.

gr33ndata · 09-19-2004, 03:17 AM

Hmm,
So can't I get the packets on their way to the kernel unless I program in the system space. Or can I entercept the packets from the user space?

infamous41md · 09-19-2004, 12:12 PM

REad the second link about iptables. You can forward packets from kernel space to user space i think.