Quote:> i want to move tcp/ip stack(including routing and
> netfilter) to userspace, my goal is to trace all the
> instructions involved in a firewall and router since i
> don't know how to trace these instructions inside the
> kernel. i want to get something like:
> incoming ip packets(a file)-->fake ISR-->tcp/ip
> stack-->outgoing ip packets( to /dev/null).
> my question is: is it possible and relatively easy to
> move tcp/ip stack to user space?
This comes up fairly frequently, it might be a good addition to the FAQ.
Here's my attempt at an answer culled from prior messages.
Several people have user-mode network stacks at various levels of
development, but it is *highly* unlikely for them ever to get into
the kernel proper (see the monolithic versus microkernel debate at
http://www.kernel.org/pub/linux/docs/lkml/#s15-4).
Here are some URLs to which you can refer for more information:
http://www.cl.cam.ac.uk/Research/SRG/netos/arsenic/
http://www.cs.nwu.edu/~pdinda/minet/minet.html
http://www.joerch.org/tcpip/
http://freshmeat.net/projects/libutcp/
However, for security purposes, you probably do not want a user-mode stack.
You want an extensible packet handling mechanism, and can be found with:
iptables/ipchains -- the native Linux firewalling tools,
http://netfilter.samba.org/
tc -- the Traffic control program,
http://www.sparre.dk/pub/linux/tc/
libpcap -- packet capture library,
http://www.tcpdump.org
Thanks,
-Eric
--
--------------------------------------------
Eric H. Weigle CCS-1, RADIANT team
(505) 665-4937 http://home.lanl.gov/ehw/
--------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
by