> Tom Fortmann wrote: > > >I have a simple Linux kernel module that uses the > netFilter > >API to intercept TCP packets. I need to port this > driver to a Solaris environment. I found a lot of > good articles on Solaris Device drivers, but can > anyone point me in the right direction for > intercepting and manipulating TCP packets under > Solaris? > > > > > > Tom, the document you should start reading can be > found at: > > http://www.opensolaris.org/os/community/networking/fil > es/pfhooks-design-2006-03-09.pdf >
Hi, after reading the design document, I got couple of questions. Please kindly correct me if some of these questions are not even applicable. From what I understand, there is only one callback can register with a particular hook at any time. Is original ipf filtering function counted in this "one hook" constraint? And if multiple vendors wants to hook at the same point, how do these filters get chained together? Or this is not the intended use-case? From the document, there isn't a section about framework support for these hook callbacks. Does the ipf framework provide function/data structure for the hook callback to decide whether or not a packet is allowed? If hook callback is responsible for configuring itself, how does it cooperate with original ipf.conf? And, is the original best match ipf.conf behaviour still maintained? This best match behaviour is far better than netfilter first match one, IMHO. Thanks, Ivan. > If you're developing a commercial application, send > me a private email > as there are some other people at Sun you need to get > in contact with as > well. > > Darren > > _______________________________________________ > networking-discuss mailing list > [email protected] > This message posted from opensolaris.org _______________________________________________ networking-discuss mailing list [email protected]
