tags:

views:

59

answers:

2
+1  Q: 

Building a Network Appliance Prototype Using a standard PC with Linux and Two NIC's

Hi,

I am willing to build a prototype of network appliance. This appliance is suppose to transparently manipulate Ethernet packets. It suppose to have two network interface cards having one card connected to the outside leg (i.e. eth0) and the other to the inside leg (i.e. eth1).

In a typical network layout as in the attached image, it will be placed between the router and the LAN's switch.

My plans are to write a software that hooks at the kernel driver level and do whatever I need to do to incoming and outgoing packets.

For instance, an "outgoing" packet (at eth1) would be manipulated and passed over to the other NIC (eth0) which then should be transported over to the next hope

My questions are:

  1. Is this doable?
  2. Those NIC's will have no IP address, is that should be a problem?

Thanks in advance for your answers.

(And no, there is no such device yet in the market, so please, "why reinvent the wheel" style of answers are irrelevant)

typical network diagram

A: 

Apparently, it can be done. I am actually trying to build a prototype of it using scapy

Tzury Bar Yochay  2010-01-10 10:28:17
+1  A: 

I'd suggest libipq, which seems to do just what you want:

Netfilter provides a mechanism for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel.

tstenner  2010-01-10 10:45:03
thanks allot, will take a look at this as well, searching for this at the firewall areas was a smart move! if I would be able to build a prototype fast enough using it I would prefer it over scapy which is very slow comparing to libipq
Tzury Bar Yochay  2010-01-10 10:49:23
In doing intermediate filtering/modification, be aware that you're probably going to be introducing some significant latency into the message stream, especially if you're passing data in and out of user-space. Is this going to be in a high-bandwidth network? You may want to think about fast hardware and kernel level packet mangling.
Shannon Nelson  2010-01-12 05:13:47

related questions

Single Best hardware upgrade for the money?
Getting started with SideShow Devices
Change Active Sound Card on the Fly
What are the standard pin mappings for sound cards?
What's the maximum amount of RAM I can use in a Windows box?
Software to manage (hardware and software) assets
Good laptop for Solaris development
What to do with extra screen real estate?
How do you back up your development machine?
One large monitor or dual-monitor setup?
How much should a "software guy" (or "software gal") know about hardware?
How to Stop NTFS volume auto-mounting on OS X
How do I declare a list of fixed length in specman?
State of Registers After Bootup
Ideal Computer for Software Development
Developing for multiple monitors
What's the best database storage device?
Closet server versus Colo?
How do I convince my boss to buy nice big monitors for the developers?
What's your ideal multiple-monitor setup for programming?
Virtual machine supporting multiple displays
Using Xming X Window Server over a VPN
Dual vs. Quadcore on a Webserver
I have some RAM to burn - any suggestions?
Keyboard for programmers