Xref: utzoo comp.protocols.tcp-ip:5280 comp.unix.wizards:12297
Path: utzoo!utgpu!attcan!uunet!tektronix!tekcrl!tekfdi!videovax!bart
From: bart@videovax.Tek.COM (Bart Massey)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: Packet filtering for 4.3BSD ?
Message-ID: <5307@videovax.Tek.COM>
Date: 10 Nov 88 20:53:52 GMT
References: <2973@ci.sei.cmu.edu> <45@gnome6.pa.dec.com>
Reply-To: bart@videovax.UUCP (Bart Massey)
Organization: Tektronix Television Systems, Beaverton, Oregon
Lines: 33

In article <45@gnome6.pa.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes:
> # I have a TCP/IP gateway running 4.3BSD, and I've just been told that it
> # has to be able to filter packets based on UDP and TCP port numbers, and
> # possibly on source and destination IP addresses. Has anyone already modified
> # 4.3BSD to do this sort of thing? If so, I'd like to see the code...
>
> In principle, this is not that hard to do. Issues are:
>     1. speed
>     2. manageability
>     3. minimal change
> Like I said, in principle it's not that hard. But if anyone actually
> implements something and/or publishes a paper on it, I'd sure like to
> hear about it. SMOP and all that.

One of the lesser known pieces of useful code I discovered recently is the
BSD "packet filter" code which has been around since at least 4.2D, and is
currently in /usr/src/new/enet in the 4.3 distribution. With fairly minimal
changes (mainly to the ethernet driver for your machine) you should be able
to get it to do everything you want and satisfy 1-3 above...

Its chief use currently is for filtering off and generating V packets for
UNIX V servers, but it's really much more general-purpose than that...

Bart Massey
Tektronix, Inc.
TV Systems Engineering
M.S. 58-639
P.O. Box 500
Beaverton, OR 97077
(503) 627-5320

UUCP: ..tektronix!videovax!bart
DOMAIN: bart@videovax.tek.com