[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-users] packet filtering support

From: Mandeep Sandhu
Subject: Re: [lwip-users] packet filtering support
Date: Fri, 17 Jul 2009 14:09:11 +0530

> Yes, I think so - see the IP_FORWARD option and associated code.
>> For intercepting DNS request, I plan to do the following:
>> * Implement a very limited DHCP server (one which offers addr
>>   to only 1 DHCP client. This would return the DNS server's IP as
>>   my own.
>> * Now if the client tries to resolve a domain name, that request will
>>   come to my IP.
>> * If I have raw socket support, I can inspect the packet and if it's for
>>   the domain I want to resolve, I can fwd it to an external resolver using
>>   the DNS client functions.
>> Does this sound feasible?
> Sort of.  lwIP does already have DHCP and DNS support, but just not with
> the limitations that you want (e.g. to only serve one DHCP client).  I'm
> also not sure about forwarding DNS requests and whether that is the best
> strategy.  I suppose you could try it and see if it works.

But from what I've read, lwIP only has the _clients_ for DHCP/DNS. Are you
saying there is server support as well?

>> Is there any doc available exapling the raw socket API in lwIP? Currently
>> I'm looking at;
>> http://lwip.wikia.com/wiki/Raw/native_API
> I think you might be confusing lwIP's "raw API" with a "raw socket API".
> The two are very different: lwIP's raw API is just an efficient way of
> sending and receiving data over TCP and UDP connections; the raw socket
> API allows you to send and receive ethernet frames with direct access to
> the packet headers.  The lwIP raw API does not give you access to the
> packet headers, which I think you'd need.  There is I think some limited
> support in lwIP for raw sockets, but I'm not sure how well used it is.

Yes. You're right. I'll need raw "socket" API's to do the job. Any good
documentation for the same? This link seems incomplete:


>> As for the IP filtering, I think I'll have to alter the stack! :(
>> Do you think it makes sense to provide API's to configure such filters?
> If you know that the filters will always need to be the same, then you
> can just configure them statically.  If you application will need to
> change them at any time then you'll need an API for it to do so.  Which
> one of these makes most sense depends on your application.

Yes, the filters will be pretty much static, something that'll be done only
at bootup time.

Thanks for taking the time to make suggestions. Really appreciate it.


> Kieran
> _______________________________________________
> lwip-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/lwip-users

reply via email to

[Prev in Thread] Current Thread [Next in Thread]