Re: [lwip-users] packet filtering support

[Mandeep Sandhu]

On Thu, Jul 16, 2009 at 6:24 PM, Kieran Mansley<address@hidden> wrote:
> On Thu, 2009-07-16 at 18:19 +0530, Mandeep Sandhu wrote:
>> Hi All,
>>
>> Does iwIP support the following features:
>>
>> * Filter DNS request (allow DNS resolution _only_ for a particular
>> domain, drop all others)
>> * Allow IP forwarding from a USB CDC-ECM interface to another
>> interface (eg wlan over SPI)
>> * Allow IP forwarding _only_ for particular dst IP's, drop all others.
>
> Don't think so.

Oh.

But IP fwding between 2 interfaces is possible w/o any modifications
to the stack...right?

For intercepting DNS request, I plan to do the following:

* Implement a very limited DHCP server (one which offers addr
  to only 1 DHCP client. This would return the DNS server's IP as
  my own.
* Now if the client tries to resolve a domain name, that request will
  come to my IP.
* If I have raw socket support, I can inspect the packet and if it's for
  the domain I want to resolve, I can fwd it to an external resolver using
  the DNS client functions.

Does this sound feasible?

Is there any doc available exapling the raw socket API in lwIP? Currently
I'm looking at;
http://lwip.wikia.com/wiki/Raw/native_API

As for the IP filtering, I think I'll have to alter the stack! :(

Do you think it makes sense to provide API's to configure such filters?

Thanks for your time,
-mandeep

>
>> Is it possible for applications to configure the stack with such rules?
>> I've never used lwIP before, hence this basic question.
>
> You could modify lwIP to do all the above of course, but not sure what
> API an application would use to configure it.
>
> Kieran
>
>
>
> _______________________________________________
> lwip-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/lwip-users
>