mirceac@interplus.ro said:
> I'd like to start a project involving a packet inspecting Ethernet
> bridge/firewall/traffic shaper that is protocol independent (I mean no
> ties to high level protocols like TCP/IP or IPX for ex.).
>
> What I want to do is get raw Ethernet packets from one interface, pipe
> it through a user level program and then inject it in the other one,
> and vice versa, of course ;).
>
> Please advise me of the means of doing this with minimum overhead
> possible, or if someone started a similar project please let me know.

I've made modifications to mmap()ed packet sockets (net/packet/af_packet.c) that allow incoming ethernet frames to be inspected by a userspace program and then be passed on to the rest of the protocol stack or dropped. It's by no means ready for general consumption, but it works. It handles traffic up to ~600Mbps on a dual-proc PIII-800, but I'm still trying to understand why it deadlocks under that kind of load.

It doesn't do exactly what you want (the packets can't be arbitrarily altered, only filtered), but I can think of some ways to extend it to make that sort of thing possible.

I'll be glad to make the code available if anyone's interested in looking at it. I'd be especially interested in getting the eyeballs of someone more familiar with the linux networking code and kernel hacking in general.

--
Jason Lunz j@trellisinc.com
Trellis Network Security http://www.trellisinc.com/
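The user-level inspect-and-decide step both messages describe, as an added example that is neither the original poster's nor Jason Lunz's code: it parses a raw Ethernet frame (with optional 802.1Q tag) without touching any higher-layer protocol, returns a pass/drop verdict, and, on Linux with CAP_NET_RAW, copies passing frames from one interface to another over plain AF_PACKET sockets rather than the mmap()ed ring described above. The policy (a source-MAC deny-list and a VLAN allow-list) and the function names are illustrative assumptions; malformed frames fail closed.

```python
import socket
import struct
from typing import NamedTuple, Optional

ETH_P_ALL = 0x0003       # Linux packet-socket protocol value: every EtherType
ETHERTYPE_VLAN = 0x8100  # 802.1Q tag follows the source MAC

class Frame(NamedTuple):
    dst: bytes
    src: bytes
    vlan: Optional[int]  # 802.1Q VLAN id, None when untagged
    ethertype: int
    payload: bytes

def parse_frame(raw: bytes) -> Frame:
    """Split a raw Ethernet frame into link-layer fields; raises on runts."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src, etype = struct.unpack("!6s6sH", raw[:14])
    off, vlan = 14, None
    if etype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        vlan, off = tci & 0x0FFF, 18
    return Frame(dst, src, vlan, etype, raw[off:])

def verdict(raw: bytes, blocked_src: set, allowed_vlans: Optional[set] = None) -> str:
    """'pass' or 'drop' from link-layer fields only (assumed policy); malformed frames fail closed."""
    try:
        f = parse_frame(raw)
    except ValueError:
        return "drop"
    if f.src in blocked_src:
        return "drop"
    if allowed_vlans is not None and f.vlan not in allowed_vlans:
        return "drop"
    return "pass"

def bridge(in_iface: str, out_iface: str, blocked_src: set, allowed_vlans=None) -> None:
    """One direction of the bridge. Linux only, needs CAP_NET_RAW; run a second copy for the reverse path."""
    rx = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    rx.bind((in_iface, 0))
    tx = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)  # protocol 0: send-only
    tx.bind((out_iface, 0))
    while True:
        raw = rx.recv(65535)
        if verdict(raw, blocked_src, allowed_vlans) == "pass":
            tx.send(raw)
```

The verdict function never reads the payload, so the same program filters IP, IPX or anything else the wire carries; extending it to rewrite frames means returning a modified byte string to `tx.send` instead of the original.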