Re: Packet Header Filtering
On Fri, Dec 08, 2000 at 12:03:12AM -0500, Alwyn Goodloe wrote:

> i) look at an ip packet header. If some conditions are met let the packet pass otherwise reject the packet.
> ii) Look at ip packet headers of established connections and when certain conditions are met tear down the connection.

I presume you mean TCP in the second case, IP doesn't have a notion of an established connection by itself.

> Obviously this isn't the kind of thing we will be using the usual firewall software, at least not as I understand the software. What I want to know from you FreeBSD hackers is:

This sounds exactly like what regular packet filtering software like ipfw or ipf do (both have man pages). Another possibility would be to use netgraph and the ng_bpf device, which can do any filtering that the Berkeley Packet Filter can do.

David.

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Packet Header Filtering
Look at IPF/IPFW, they both have state table stuff in them, and analyzing the ip header is done by both as well. I would suggest you hack ipf to do what you want if it doesn't do it already.

Cheers
Andrew

On Fri, 8 Dec 2000, Alwyn Goodloe wrote:

> We are about to begin a little project that has the following requirement. Perform IP packet filtering in the following way:
> i) look at an ip packet header. If some conditions are met let the packet pass otherwise reject the packet.
> ii) Look at ip packet headers of established connections and when certain conditions are met tear down the connection.
>
> Obviously this isn't the kind of thing we will be using the usual firewall software, at least not as I understand the software. What I want to know from you FreeBSD hackers is:
> i) if anyone has done something similar do you have any advice.
> ii) Anyone know where I should start hacking. Would it be best to try to hack the firewall code or the ipforwarding code
>
> Any such advice would be helpful.
>
> Alwyn Goodloe
> [EMAIL PROTECTED]
Re: Packet Header Filtering
Lists Account wrote:

> Look at IPF/IPFW, they both have state table stuff in them, and analyzing the ip header is done by both as well. I would suggest you hack ipf to do what you want if it doesn't do it already.
>
> Cheers
> Andrew
>
> On Fri, 8 Dec 2000, Alwyn Goodloe wrote:
>
> > We are about to begin a little project that has the following requirement. Perform IP packet filtering in the following way:
> > i) look at an ip packet header. If some conditions are met let the packet pass otherwise reject the packet.

you could hack your checks into if_fw.c if they are not already supported.. what kinds of checks do you want to do?

Alternatively you could use the divert sockets to make all packets that might need filtering, up to a userland process that can do arbitrarily complicated filtering. If you want a framework with which to start, you could start with natd and strip out the address translation calls and replace them with your filtering calls.

OR you could catch packets at the ethernet using netgraph and either write a loadable netgraph module that does your filtering, or passes it up to a daemon that can do arbitrary filtering.

it would be easier for us to answer if you said what kind of filtering you want to do.

> > ii) Look at ip packet headers of established connections and when certain conditions are met tear down the connection.
> >
> > Obviously this isn't the kind of thing we will be using the usual firewall software, at least not as I understand the software. What I want to know from you FreeBSD hackers is:
> > i) if anyone has done something similar do you have any advice.
> > ii) Anyone know where I should start hacking. Would it be best to try to hack the firewall code or the ipforwarding code
> >
> > Any such advice would be helpful.
> >
> > Alwyn Goodloe
> > [EMAIL PROTECTED]

--
Julian Elischer
[EMAIL PROTECTED]
World tour 2000, presently in: Budapest
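The per-packet decision that a divert-socket daemon of the kind suggested above would make on each raw IPv4 packet, as an added example that is not part of the original thread or of natd. The policy (TCP from 10.0.0.0/8 to port 22), the names `check_packet`, `rd16`, `rd32`, and the sample packet are all assumptions constructed for illustration; header checksums are not verified here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { PASS, REJECT };

/* Hypothetical policy (not from the thread): pass only TCP from 10.0.0.0/8
 * to destination port 22; reject everything else, including malformed input. */
#define ALLOWED_NET  0x0A000000u
#define ALLOWED_MASK 0xFF000000u
#define ALLOWED_PORT 22

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | p[3];
}

/* Decide on one raw IPv4 packet, e.g. a buffer read from a divert socket. */
enum verdict check_packet(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return REJECT;              /* truncated, or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    size_t total = rd16(pkt + 2);
    if (ihl < 20 || total < ihl || total > len)
        return REJECT;              /* inconsistent length fields */
    if (pkt[9] != 6)
        return REJECT;              /* protocol is not TCP */
    if ((rd32(pkt + 12) & ALLOWED_MASK) != ALLOWED_NET)
        return REJECT;              /* source outside the allowed net */
    if (rd16(pkt + 6) & 0x1FFF)
        return REJECT;              /* later fragment: no TCP header here */
    if (total < ihl + 20)
        return REJECT;              /* TCP header truncated */
    return rd16(pkt + ihl + 2) == ALLOWED_PORT ? PASS : REJECT;
}

/* Constructed sample: 10.1.2.3:40000 -> 192.0.2.1:22, SYN, no options. */
static const uint8_t sample_ok[40] = {
    0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 10,1,2,3, 192,0,2,1,
    0x9C,0x40,0,22, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xFF,0xFF, 0,0,0,0 };

int main(void)
{
    printf("sample_ok -> %s\n",
           check_packet(sample_ok, sizeof sample_ok) == PASS ? "PASS" : "REJECT");
    return 0;
}
```

Every malformed or unparseable packet falls through to REJECT, so the filter fails closed when the length fields and the received byte count disagree.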
Re: Packet Header Filtering
Look at ipproto switch table... That might help you find some function pointers that would be logical to hijack in order to do this sort of thing. It's in /usr/src/sys/netinet/*.c somewhere.

andrew

On Fri, 8 Dec 2000, Alwyn Goodloe wrote:

> We are about to begin a little project that has the following requirement. Perform IP packet filtering in the following way:
> i) look at an ip packet header. If some conditions are met let the packet pass otherwise reject the packet.
> ii) Look at ip packet headers of established connections and when certain conditions are met tear down the connection.
>
> Obviously this isn't the kind of thing we will be using the usual firewall software, at least not as I understand the software. What I want to know from you FreeBSD hackers is:
> i) if anyone has done something similar do you have any advice.
> ii) Anyone know where I should start hacking. Would it be best to try to hack the firewall code or the ipforwarding code
>
> Any such advice would be helpful.
>
> Alwyn Goodloe
> [EMAIL PROTECTED]

Andrew R. Reiter
[EMAIL PROTECTED]
"It requires a very unusual mind to undertake the analysis of the obvious" -- A.N. Whitehead
Packet Header Filtering
We are about to begin a little project that has the following requirement. Perform IP packet filtering in the following way:

i) look at an ip packet header. If some conditions are met let the packet pass otherwise reject the packet.
ii) Look at ip packet headers of established connections and when certain conditions are met tear down the connection.

Obviously this isn't the kind of thing we will be using the usual firewall software, at least not as I understand the software. What I want to know from you FreeBSD hackers is:

i) if anyone has done something similar do you have any advice.
ii) Anyone know where I should start hacking. Would it be best to try to hack the firewall code or the ipforwarding code

Any such advice would be helpful.

Alwyn Goodloe
[EMAIL PROTECTED]