From owner-freebsd-hackers  Fri Dec  8  9:14:42 2000
From owner-freebsd-hackers@FreeBSD.ORG  Fri Dec  8 09:14:39 2000
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id EFEF437B400
	for <freebsd-hackers@FreeBSD.ORG>; Fri,  8 Dec 2000 09:14:38 -0800 (PST)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.1/8.11.1) with SMTP id eB8HEN049163;
	Fri, 8 Dec 2000 12:14:24 -0500 (EST)
	(envelope-from arr@watson.org)
Date: Fri, 8 Dec 2000 12:14:23 -0500 (EST)
From: "Andrew R. Reiter" <arr@watson.org>
To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Packet Header Filtering
In-Reply-To: <Pine.SOL.4.21.0012080002140.29544-100000@gradient.cis.upenn.edu>
Message-ID: <Pine.NEB.3.96L.1001208121256.49144A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Look at ipproto switch table... That might help you find some function
pointers that would be logical to hijack in order to do this sort of
thing.

it's in /usr/src/sys/netinet/*.c somewhere.

andrew

 On Fri, 8 Dec 2000, Alwyn Goodloe wrote:

>    We are about to begin a little project that has the following requiremnet.
> 
>    Perform IP packet filtering  in the following way :
> 
> 
> i) look at an ip packet header. If some conditions are met let the packet pass
>    otherwise reject the packet.
> 
> 
> ii) Look at ip packet headers of established connections and when certain
>     conditions are met tear down the connection. 
> 
> 
>   Obviously this isn't the kind of thing we will be using the usual
> firewall software,  at least not  as I understand the software.  What I 
> want to know from you FreeBSD hackers is:
> 
>  i) if anyone has done something similar do you have any advice.
> ii) Anyone know where I should start hacking. Would it be best to try to
>     hack the firewall code or the ipforwarding code.... 
> 
> Any such advise would be helpful.
> 
> 
> Alwyn Goodloe
> agoodloe@gradient.cis.upenn.edu
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message