[Netnice-developer] Netnice Packet Filter
From: Takashi O. <ta...@cs...> - 2003-11-17 08:18:25
hello,

i've finally implemented the NPF, and committed :-)
it still needs some work for the packet injection part, but the basic module is working.

initialization looks like this;

    # cd /proc/network/
    # ls
    em0/ faith0/ lo0/ lp0/ ppp0/ sl0/
    # cd em0
    # ls
    bandwidth recv type port drops send weight
    # cd /dev
    # rm bpf0
    # ln -s /proc/network/em0/port ./bpf0

i used the "device stealing" technique to keep compatibility with various libpcap applications. NPF is just another file under /proc, but it understands all the ioctl commands that the bpf device takes. (i tried tcpdump and tethereal, and they run perfectly. isn't it cool!?)

i also implemented another operation mode, Firewall mode. If you attach a BPF packet filter code to a VIF, and set the bandwidth of the VIF to zero, the VIF now acts as a firewall (though not tested...).

in sum, the current VIF has i) traffic control, ii) packet capturing, and iii) packet filtering capability. utilizing this primitive, we can integrate traffic control and network security into a single framework, in a much more efficient way, compared to other implementations.

i will finish it up, and take a SNAP this week. then, i will go into performance evaluation to prove this.

thanks for your patience, and please enjoy :-)

-- taka
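An added example, not Netnice code and not part of the original message: what "BPF packet filter code" attached to a VIF amounts to, shown as a classic BPF program run over one frame to produce a per-packet verdict. The filter, the sample frame, the names `run_filter` and `vif_drops`, and the reading that a frame matched on a zero-bandwidth VIF is never forwarded are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Classic BPF instruction (same field layout as struct bpf_insn). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Constructed filter: IPv4, TCP, first fragment, destination port 23. */
static const struct insn telnet_filter[] = {
    {0x28, 0, 0, 12},      /* ldh  [12]          ethertype            */
    {0x15, 0, 8, 0x0800},  /* jeq  #0x800        IPv4, else no match  */
    {0x30, 0, 0, 23},      /* ldb  [23]          IP protocol          */
    {0x15, 0, 6, 6},       /* jeq  #6            TCP, else no match   */
    {0x28, 0, 0, 20},      /* ldh  [20]          flags + frag offset  */
    {0x45, 4, 0, 0x1fff},  /* jset #0x1fff       later fragment: no   */
    {0xb1, 0, 0, 14},      /* ldxb 4*([14]&0xf)  X = IP header length */
    {0x48, 0, 0, 16},      /* ldh  [x+16]        TCP destination port */
    {0x15, 0, 1, 23},      /* jeq  #23                                */
    {0x06, 0, 0, 0xffff},  /* ret  #65535        match                */
    {0x06, 0, 0, 0},       /* ret  #0            no match             */
};

/* Runs a trusted, already validated program; a load past the frame end returns 0. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, size_t len)
{
    uint32_t a = 0, x = 0;
    for (;; pc++) {
        size_t k = pc->k;
        switch (pc->code) {
        case 0x06: return pc->k;                               /* ret       */
        case 0x48: k += x;                                     /* ldh [x+k] */
        /* fall through */
        case 0x28: if (k + 2 > len) return 0;                  /* ldh [k]   */
                   a = (uint32_t)p[k] << 8 | p[k + 1]; break;
        case 0x30: if (k >= len) return 0; a = p[k]; break;    /* ldb [k]   */
        case 0xb1: if (k >= len) return 0; x = (p[k] & 0xfu) << 2; break;
        case 0x15: pc += (a == pc->k) ? pc->jt : pc->jf; break; /* jeq      */
        case 0x45: pc += (a & pc->k) ? pc->jt : pc->jf; break;  /* jset     */
        default:   return 0;                                   /* unknown   */
        }
    }
}

/* Assumed firewall-mode reading: a matched frame belongs to the VIF, whose
   bandwidth is zero, so it is never sent. Returns 1 for "dropped". */
static int vif_drops(const uint8_t *f, size_t len)
{ return run_filter(telnet_filter, f, len) != 0; }

/* Constructed 54-byte frame: IPv4 ethertype, IHL 5, TCP, destination port 23. */
static const uint8_t telnet_frame[54] = { [12] = 0x08, [14] = 0x45, [23] = 6, [37] = 23 };
int main(void) { return !vif_drops(telnet_frame, sizeof telnet_frame); }
```
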