Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Packet processing---application level or kernel level

Posted on 2003-03-26
5
Medium Priority
?
304 Views
Last Modified: 2010-04-17
Hi!!

I have a project to develop a firewall with NAT..i want to receive the pkts from all interfaces of my machine, check the rulebase, NAT if reqd(that includes changing IP/TCP headers), send the pkt to the desired interface.....i am not able to conclude that should i do this at the application level or at the kernel level?

If i use sockets(or libpcap) at the application level, is it possible to alter the packets??Is it true that using sockets i'll just be able to get the packet copy and not the original packet??or i have to necessary program at the kernel level to make changes in the packet headers?If at the kernel level, could you guide me how to start as i am totally new to kernel programming..

Thanx in advance,
Paridhi
0
Comment
Question by:paridhi
  • 3
  • 2
5 Comments
 

Expert Comment

by:danieljng
ID: 8215888
Paridhi,

Use Raw sockets to edit the IP headers. You don't need to do kernal programming. Google 'Unix Network Programming'. If you are using NAT, then the destination IP addresses of all in-coming packets will be on your firewall (or external router). Therefore, the packets will go no further, unless you explicity forward them.


Cheers,
Dan.
0
 

Author Comment

by:paridhi
ID: 8219390
Hi Dan

Thanx..shall i use libpcap or directly the raw socket programming??which one is better and how??That's fine..with nat all pkts will be directed to firewall, so i will need to alter the pkts(src or dest as may be the case) b4 forwarding them if reqd..

paridhi

0
 

Accepted Solution

by:
danieljng earned 225 total points
ID: 8221320
Paridhi, you don't need to do packet capturing at all because the IP dest of the packets = your firewall. Therefore, you don't need libpcap. I haven't used it myself, though. Raw sockets are pretty easy (and fun!) to use. Make sure you get yourself a copy of the relevant RFCs (www.ietf.org) for the header specs.

Dan.
0
 

Author Comment

by:paridhi
ID: 8226486
hi Dan!!

Thanx for the information..I will first try using raw sockets only then...Thanx neways...

Paridhi
0
 

Expert Comment

by:danieljng
ID: 8228441
You're welcome, Paridhi. Can you please mark this question as 'answered by danieljng' and allocate me the points so I can ask questions too?

Thanks...

Daniel.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Progress

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question