Packet processing---application level or kernel level

Posted on 2003-03-26
Medium Priority
Last Modified: 2010-04-17

I have a project to develop a firewall with NAT. I want to receive the pkts from all interfaces of my machine, check the rulebase, NAT if reqd (that includes changing IP/TCP headers), and send the pkt to the desired interface. I am not able to conclude whether I should do this at the application level or at the kernel level.

If I use sockets (or libpcap) at the application level, is it possible to alter the packets? Is it true that using sockets I'll just be able to get the packet copy and not the original packet? Or do I necessarily have to program at the kernel level to make changes in the packet headers? If at the kernel level, could you guide me how to start, as I am totally new to kernel programming.

Thanx in advance,
Question by: paridhi

Expert Comment

ID: 8215888

Use raw sockets to edit the IP headers. You don't need to do kernel programming. Google 'Unix Network Programming'. If you are using NAT, then the destination IP addresses of all incoming packets will be on your firewall (or external router). Therefore, the packets will go no further, unless you explicitly forward them.


Author Comment

ID: 8219390
Hi Dan

Thanx. Shall I use libpcap or directly the raw socket programming? Which one is better and how? That's fine: with NAT all pkts will be directed to the firewall, so I will need to alter the pkts (src or dest as may be the case) b4 forwarding them if reqd.



Accepted Solution

danieljng earned 225 total points
ID: 8221320
Paridhi, you don't need to do packet capturing at all because the IP dest of the packets = your firewall. Therefore, you don't need libpcap. I haven't used it myself, though. Raw sockets are pretty easy (and fun!) to use. Make sure you get yourself a copy of the relevant RFCs (www.ietf.org) for the header specs.
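The header rewrite this thread is about, as an added example that is not part of the original posts: once a packet is in a user-space buffer, source NAT means changing the source address and port and then recomputing both the IPv4 header checksum and the TCP checksum (RFC 791, RFC 793, RFC 1071). The function names, the sample packet and the addresses are constructed for illustration, and the code does no socket I/O.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header + "GET",
 * 192.168.1.10:49152 -> 203.0.113.5:80, both checksum fields left zero. */
static const uint8_t SAMPLE[43] = {
    0x45,0x00,0x00,0x2b, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xcb,0x00,0x71,0x05,
    0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x72,0x10, 0x00,0x00,0x00,0x00, 'G','E','T' };
/* RFC 1071 one's-complement sum of len bytes, continuing from sum. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;       /* odd last byte, zero padded */
    return sum;
}
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t ip_csum(const uint8_t *ip, size_t ihl) { return fold(sum16(ip, ihl, 0)); }
/* TCP checksum also covers a pseudo-header: src, dst, protocol 6, TCP length. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl, size_t tlen) {
    return fold(sum16(ip + ihl, tlen, sum16(ip + 12, 8, 0) + 6 + (uint32_t)tlen));
}
/* Rewrite source address and port of one unfragmented IPv4/TCP packet.
 * Returns 0 on success, -1 if the packet is malformed or unsupported. */
int snat_tcp(uint8_t *ip, size_t len, const uint8_t src[4], uint16_t port) {
    if (len < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = (size_t)(ip[2] << 8 | ip[3]);
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    if (ip[9] != 6 || (ip[6] & 0x3f) || ip[7]) return -1;  /* not TCP, or a fragment */
    size_t tlen = total - ihl, doff = (size_t)(ip[ihl + 12] >> 4) * 4;
    if (doff < 20 || doff > tlen) return -1;
    memcpy(ip + 12, src, 4);                   /* IP source address */
    put16(ip + ihl, port);                     /* TCP source port */
    put16(ip + 10, 0);                         /* zero the field, then recompute */
    put16(ip + 10, ip_csum(ip, ihl));
    put16(ip + ihl + 16, 0);
    put16(ip + ihl + 16, tcp_csum(ip, ihl, tlen));
    return 0;
}
/* With the stored checksum fields included, a correct packet sums to zero. */
int csums_ok(const uint8_t *ip, size_t total) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    return ip_csum(ip, ihl) == 0 && tcp_csum(ip, ihl, total - ihl) == 0;
}
```

A real NAT also has to record the mapping so that replies can be translated back, and it needs a policy for fragments, which this function simply rejects.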


Author Comment

ID: 8226486
Hi Dan!!

Thanx for the information. I will first try using raw sockets only then. Thanx neways.


Expert Comment

ID: 8228441
You're welcome, Paridhi. Can you please mark this question as 'answered by danieljng' and allocate me the points so I can ask questions too?


