Re: [lwip-users] packet filtering support

From: address@hidden
Subject: Re: [lwip-users] packet filtering support
Date: Fri, 17 Jul 2009 09:04:55 +0200
User-agent: Thunderbird (Macintosh/20090605)

Mandeep Sandhu wrote:
> But IP fwding between 2 interfaces is possible w/o any modifications
> to the stack...right?

Yes, IP forwarding should work without any problems.

> For intercepting DNS requests, I plan to do the following:
>
> * Implement a very limited DHCP server (one which offers addr
>   to only 1 DHCP client). This would return the DNS server's IP as
>   my own.
> * Now if the client tries to resolve a domain name, that request will
>   come to my IP.
> * If I have raw socket support, I can inspect the packet and if it's for
>   the domain I want to resolve, I can fwd it to an external resolver using
>   the DNS client functions.
>
> Does this sound feasible?

If implementing both a DHCP and a DNS server is OK for you, then yes.

> As for the IP filtering, I think I'll have to alter the stack! :(
>
> Do you think it makes sense to provide API's to configure such filters?

If you really only need pure IP forwarding and want to filter it, I'd just add something like this to the top of ip_forward:

#if IP_FORWARD_FILTER
if(ip_forward_filter(...) != ERR_OK) {
  /* the filter refused this packet: do not forward it */
  return NULL;
}
#endif /* IP_FORWARD_FILTER */

That way, it could even be integrated into the stack, I guess.

But you should be aware that this IP forwarding only works for public networks (i.e. NAT, like used for most broadband routers, is not supported)!
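
An added example, not code from the original post or from lwIP: one possible body for the ip_forward_filter hook suggested above, as a default-deny allowlist over the IPv4 header. The signature (raw header bytes plus length), the rule table, ERR_DENY and the sample addresses are assumptions made for illustration; the post leaves the arguments as "(...)".

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this builds without lwIP; ERR_DENY is a made-up code. */
typedef int8_t err_t;
#define ERR_OK    0
#define ERR_DENY -1

/* One allow rule; addresses in host byte order, dport 0 = any port. */
struct fwd_rule {
  uint32_t src, src_mask, dst, dst_mask;
  uint8_t proto;      /* 6 = TCP, 17 = UDP */
  uint16_t dport;
};

/* Constructed sample policy: 192.168.1.0/24 may reach DNS at 10.0.0.53
 * and HTTP anywhere. */
static const struct fwd_rule rules[] = {
  { 0xC0A80100u, 0xFFFFFF00u, 0x0A000035u, 0xFFFFFFFFu, 17, 53 },
  { 0xC0A80100u, 0xFFFFFF00u, 0u,          0u,           6, 80 },
};

static uint32_t rd32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical hook body: pkt points at the IPv4 header, len is the bytes
 * available. Returns ERR_OK to forward; anything else means drop. */
err_t ip_forward_filter(const uint8_t *pkt, size_t len) {
  size_t ihl, i;
  uint16_t frag_off, dport;
  if (len < 20 || (pkt[0] >> 4) != 4) return ERR_DENY;
  ihl = (size_t)(pkt[0] & 0x0F) * 4;
  if (ihl < 20 || len < ihl + 4) return ERR_DENY;  /* need the L4 ports */
  frag_off = (uint16_t)(((pkt[6] & 0x1F) << 8) | pkt[7]);
  if (frag_off != 0) return ERR_DENY;  /* later fragments carry no ports */
  dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
  for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
    const struct fwd_rule *r = &rules[i];
    if ((rd32(pkt + 12) & r->src_mask) != r->src) continue;
    if ((rd32(pkt + 16) & r->dst_mask) != r->dst) continue;
    if (pkt[9] != r->proto) continue;
    if (r->dport != 0 && dport != r->dport) continue;
    return ERR_OK;
  }
  return ERR_DENY;                     /* default deny */
}
```

Dropping non-first fragments keeps port rules from being bypassed by fragmentation, at the cost of breaking forwarded traffic that is legitimately fragmented.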

