From owner-freebsd-questions Sat May 18 15:34:18 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id PAA25224 for questions-outgoing; Sat, 18 May 1996 15:34:18 -0700 (PDT) Received: from premise.CS.Berkeley.EDU (root@premise.CS.Berkeley.EDU [128.32.33.172]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id PAA25215 for ; Sat, 18 May 1996 15:34:16 -0700 (PDT) Received: from premise.CS.Berkeley.EDU (localhost.Berkeley.EDU [127.0.0.1]) by premise.CS.Berkeley.EDU (8.6.11/8.6.9) with ESMTP id PAA05259; Sat, 18 May 1996 15:32:56 -0700 Message-Id: <199605182232.PAA05259@premise.CS.Berkeley.EDU> X-Mailer: exmh version 1.6.7 5/3/96 To: Archie Cobbs cc: terry@lambert.org (Terry Lambert), alk@think.com, questions@freebsd.org Subject: User-level packet munging (was Re: ip masquerading) In-reply-to: Your message of "Sat, 18 May 1996 01:24:18 PDT." <199605180824.BAA02382@bubba.whistle.com> From: bmah@cs.berkeley.edu (Bruce A. Mah) Reply-to: bmah@cs.berkeley.edu X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 18 May 1996 15:32:55 -0700 Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Archie Cobbs writes: > There's a larger question here then, which is that we need a more > general mechanism for user-land "filtering" (in the most general sense) > of packets as they cross an interface. BPF and /dev/tun? are both > great, but you can't implement a filter with them. > > Firewalling, encryption, and accounting are examples too. Let me plug a project by one of my colleagues, Eric Anderson. The "Magic Router" is essentially this kind of mechanism...originally used for load balancing connections into a distributed computing cluster but applicable to all sorts of situations where you might want packets manipulated by a user-level process. He built a prototype for L*nux, and it's being used (I think) as part of a research project here at UC Berkeley. More info at: http://http.cs.berkeley.edu/~eanders/262/ Bruce.