matthew at DaMOO.csun.edu
Sat Nov 30 10:19:34 UTC 2002
If you want to change TCP/IP packets as they fly past your firewall,
first check that the Linux kernel doesn't already do what you want -
'iptables' can do all sorts of packet filtering/mangling/NAT already.
If iptables doesn't do what you want then queue the packets to userspace
using the TUN/TAP kernel driver, do your stuff to them, then queue them
back into kernelspace for transmission. See
Alternatively, if you don't want to change the packets but only see them
going past, check out the 'tcpdump' program (maybe it just uses the tuntap
driver, I dunno).
If all you want to do is read and/or modify the payload data, not e.g. the
packets' TCP or IP header fields, then write an application level proxy or
download an existing one and hack on it. On the client set the firewall to
be the proxy somehow; your program on the firewall/proxy accept()s the
connection, does 'stuff' with the data sent over the connection, and
eventually maybe connects on to the destination host and forwards the
request on. I bet there are lots of such programs on Freshmeat.net.
There's a nice HTTP one called tinyproxy for a start - easy to hack on.
On Fri, 29 Nov 2002, Srinath Thiruvengadam wrote:
> Hello all,
> Well, I have to implement TCP in userspace. The setup is something like:
> I have to implement a program that runs TCP in userspace on a firewall.
> It should intercept packets that are sent from client to server.
> Now, I don't know anything about userspace TCP. How do I go about this?
> Do you know of similar projects that were done before? Where can I find more
> information about this?
> Million thanks and best regards,
> This is the Linux C Programming List
> : http://lists.linux.org.au/listinfo/linuxcprogramming List
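The accept/inspect/forward flow of the application-level proxy described in the reply above, as an added example that is not part of the original thread or of tinyproxy. The listen port, the upstream address (a documentation-range placeholder) and the inspect() hook are assumptions chosen for illustration; it serves one connection at a time.

```c
#include <arpa/inet.h>
#include <poll.h>
#include <signal.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical "stuff" done to the payload: mask control bytes except TAB, LF, CR. */
static size_t inspect(unsigned char *b, size_t len) {
    for (size_t i = 0; i < len; i++)
        if ((b[i] < 0x20 && b[i] != '\t' && b[i] != '\n' && b[i] != '\r') || b[i] == 0x7f)
            b[i] = '?';
    return len;
}

/* Read one chunk, run the hook, write it all. Returns bytes sent, 0 on EOF, -1 on error. */
static ssize_t forward_chunk(int from, int to) {
    unsigned char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    if (n <= 0) return n;
    size_t len = inspect(buf, (size_t)n);
    for (size_t off = 0; off < len;) {      /* write() may be partial */
        ssize_t w = write(to, buf + off, len - off);
        if (w < 0) return -1;
        off += (size_t)w;
    }
    return (ssize_t)len;
}

/* Shuttle data both ways until either side closes or errors. */
static void proxy_session(int client, int upstream) {
    struct pollfd p[2] = {{client, POLLIN, 0}, {upstream, POLLIN, 0}};
    while (poll(p, 2, -1) > 0) {
        if (p[0].revents && forward_chunk(client, upstream) <= 0) break;
        if (p[1].revents && forward_chunk(upstream, client) <= 0) break;
    }
}

int main(void) {
    /* Assumed addresses: listen on 127.0.0.1:8080, forward to placeholder 192.0.2.10:80. */
    struct sockaddr_in la = {.sin_family = AF_INET, .sin_port = htons(8080), .sin_addr.s_addr = htonl(INADDR_LOOPBACK)};
    struct sockaddr_in ua = {.sin_family = AF_INET, .sin_port = htons(80), .sin_addr.s_addr = inet_addr("192.0.2.10")};
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    signal(SIGPIPE, SIG_IGN);               /* a closed peer must not kill the proxy */
    if (bind(ls, (struct sockaddr *)&la, sizeof la) < 0 || listen(ls, 16) < 0) return 1;
    for (;;) {
        int c = accept(ls, NULL, NULL), u = socket(AF_INET, SOCK_STREAM, 0);
        if (c >= 0 && connect(u, (struct sockaddr *)&ua, sizeof ua) == 0) proxy_session(c, u);
        close(u); close(c);
    }
}
```

Because the proxy terminates the client's TCP connection and opens its own to the destination, only payload bytes pass through the hook; TCP and IP header fields are never seen or changed here.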