Packet processing---application level or kernel level

Hi!!

I have a project to develop a firewall with NAT. I want to receive the packets from all interfaces of my machine, check the rulebase, NAT if required (that includes changing IP/TCP headers), and send the packet to the desired interface. I am not able to conclude whether I should do this at the application level or at the kernel level.

If I use sockets (or libpcap) at the application level, is it possible to alter the packets? Is it true that using sockets I'll just be able to get a copy of the packet and not the original packet? Or do I necessarily have to program at the kernel level to make changes in the packet headers? If at the kernel level, could you guide me on how to start, as I am totally new to kernel programming?

Thanks in advance,
Paridhi

danieljng Commented:
Paridhi,

Use raw sockets to edit the IP headers. You don't need to do kernel programming. Google 'Unix Network Programming'. If you are using NAT, then the destination IP addresses of all incoming packets will be on your firewall (or external router). Therefore, the packets will go no further unless you explicitly forward them.


Cheers,
Dan.
0
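Whichever layer ends up holding the packet bytes, rewriting an address for NAT also invalidates the IPv4 header checksum and the TCP checksum, because the TCP checksum covers the addresses through the pseudo-header. The following is an added example, not code posted by anyone in this thread: it validates a packet, patches both checksums incrementally (RFC 1624) and writes the new source address. The function names and the sample packet are constructed for illustration, and it assumes an unfragmented TCP packet whose buffer length equals the IP total length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 + TCP SYN, 192.168.0.10:40000 -> 198.51.100.7:80. */
static uint8_t sample[40] = {
    0x45,0,0,40, 0,1,0x40,0, 64,6,0x4f,0xe2, 192,168,0,10, 198,51,100,7,
    0x9c,0x40,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0x28,0x64,0,0 };

/* RFC 1071 one's-complement sum, continued from `sum`, folded to 16 bits. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;   /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return sum;
}

/* 1 if the IP header checksum and the TCP segment checksum both verify.
   Assumption: len equals the IP total length and the packet is unfragmented. */
static int checksums_ok(const uint8_t *pkt, size_t len) {
    if (len < 20 || pkt[0] >> 4 != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len || csum_add(0, pkt, ihl) != 0xffff) return 0;
    if (pkt[9] != 6 || len < ihl + 20) return 0;   /* example handles TCP only */
    uint8_t ph[4] = { 0, 6, (uint8_t)((len - ihl) >> 8), (uint8_t)(len - ihl) };
    uint32_t s = csum_add(csum_add(0, pkt + 12, 8), ph, 4);   /* pseudo-header */
    return csum_add(s, pkt + ihl, len - ihl) == 0xffff;
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for one changed 16-bit word. */
static void csum_fix(uint8_t *hc, const uint8_t *m, const uint8_t *m2) {
    uint32_t s = (uint16_t)~(hc[0] << 8 | hc[1]);
    s += (uint16_t)~(m[0] << 8 | m[1]);
    s = ~csum_add(s, m2, 2) & 0xffff;
    hc[0] = (uint8_t)(s >> 8); hc[1] = (uint8_t)s;
}

/* Source NAT in place: validate, patch both checksums, write the new address.
   Returns 0 on success, -1 when validation fails and the packet is dropped. */
static int snat_rewrite(uint8_t *pkt, size_t len, const uint8_t new_src[4]) {
    if (!checksums_ok(pkt, len)) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    for (int i = 0; i < 4; i += 2) {
        csum_fix(pkt + 10, pkt + 12 + i, new_src + i);
        csum_fix(pkt + ihl + 16, pkt + 12 + i, new_src + i);
    }
    memcpy(pkt + 12, new_src, 4);
    return 0;
}
```

A port-translating NAT would apply the same csum_fix step to the TCP checksum for the changed port word.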
paridhi (Author) Commented:
Hi Dan

Thanks. Shall I use libpcap or raw socket programming directly? Which one is better, and how? That's fine. With NAT all packets will be directed to the firewall, so I will need to alter the packets (source or destination, as the case may be) before forwarding them if required.

paridhi

0
danieljng Commented:
Paridhi, you don't need to do packet capturing at all because the IP dest of the packets = your firewall. Therefore, you don't need libpcap. I haven't used it myself, though. Raw sockets are pretty easy (and fun!) to use. Make sure you get yourself a copy of the relevant RFCs (www.ietf.org) for the header specs.

Dan.
0

paridhi (Author) Commented:
Hi Dan!!

Thanks for the information. I will first try using raw sockets only, then. Thanks anyway.

Paridhi
0
danieljng Commented:
You're welcome, Paridhi. Can you please mark this question as 'answered by danieljng' and allocate me the points so I can ask questions too?

Thanks...

Daniel.
0