Subject: Re: Ethernet Bridging
To: Blair Stilwell <>
From: Paul Dokas <>
List: tech-net
Date: 03/02/2002 16:21:59

On Fri, Mar 01, 2002 at 11:22:42PM -0600, Blair Stilwell wrote:
> Paul Dokas wrote:
> >On Fri, Mar 01, 2002 at 03:22:31PM -0600, Blair Stilwell wrote:
> >
> >>Does anyone have any experience using the user space bridged ethernet 
> >>bridge in combination with IPF kernel level firewalling?  I'd like to 
> >>create an IP-less bridging firewall with a G3 I have containing three 
> >>NICs.
> >>
> >
> >"User space bridged ethernet bridge"?  Could you please tell me where you
> >got this code.  I've been writing my own lately.
> I should have placed bridged in quotes to clarify d as in daemon.  It is 
> in pkgsrc/net/bridged.

Thank you!  That code saves me a few days of figuring out bpf.  My thought
was to build a filtering bridge inspired by Jason Thorpe's ZPC

I want to take a simple bpf based bridge, fold the bpf state engine into
it and create rule sets similar to those that Jason proposed for his ZPC.
That way I could have a user space filtering bridge that would be capable
of filtering *all* ethernet protocols (IP, IPX, AppleTalk, etc).

Other things that I'd like to add include multi-threading (pthreads) and
some facility for doing very simple intrusion detection.  That second one
might be as simple as piping offending packets into a shell script and/or
saving them to a file.  I haven't thought much about that yet.

However, I haven't done much on this whole thing yet.  I'm still learning
about bpf and pcap.  If anyone wants to work on this, or do it for me
(I'll buy the beer at the upcoming IETF in Minneapolis), I'll be glad to
supply help, direction or whatever is needed.

Paul Dokas                                  
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."
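
The per-protocol filtering idea in the message above, sketched as an added example (not code from the post, from bridged, or from ZPC): classifying raw frames as a bpf-based bridge would read them, covering Ethernet II, 802.1Q tags and 802.3 LLC/SNAP, so that IPX and AppleTalk are matched as well as IP. The `ruleset` format, function names and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum proto { P_UNKNOWN, P_IPV4, P_IPX, P_APPLETALK, P_COUNT };
enum verdict { V_DROP, V_PASS };                     /* V_DROP == 0: default deny */
struct ruleset { enum verdict by_proto[P_COUNT]; };  /* hypothetical rule format */
static const struct ruleset IP_ONLY = {{ [P_IPV4] = V_PASS }};

/* Constructed sample frames (MAC addresses zeroed, payload omitted). */
static const uint8_t FRAME_IPV4[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00};
static const uint8_t FRAME_IPX_RAW[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x00,0x02, 0xFF,0xFF};
static const uint8_t FRAME_ATALK_SNAP[] = {0,0,0,0,0,0, 0,0,0,0,0,0, 0x00,0x08,
    0xAA,0xAA,0x03, 0x08,0x00,0x07, 0x80,0x9B};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static enum proto from_ethertype(uint16_t t)
{
    switch (t) {
    case 0x0800: return P_IPV4;
    case 0x8137: return P_IPX;
    case 0x809B: return P_APPLETALK;
    default:     return P_UNKNOWN;
    }
}

/* Classify a raw frame: dst[6] src[6] type-or-length[2] payload... */
enum proto classify(const uint8_t *f, size_t len)
{
    size_t off = 12;
    if (len < 14) return P_UNKNOWN;               /* truncated header */
    uint16_t t = be16(f + off);
    if (t == 0x8100) {                            /* 802.1Q tag: type is 4 bytes on */
        off += 4;
        if (len < off + 2) return P_UNKNOWN;
        t = be16(f + off);
    }
    if (t >= 0x0600) return from_ethertype(t);    /* Ethernet II */
    const uint8_t *llc = f + off + 2;             /* 802.3: t is a length */
    size_t left = len - (off + 2);
    if (left >= 2 && llc[0] == 0xFF && llc[1] == 0xFF) return P_IPX;  /* raw 802.3 */
    if (left >= 2 && llc[0] == 0xE0 && llc[1] == 0xE0) return P_IPX;  /* 802.2 LLC */
    if (left >= 8 && llc[0] == 0xAA && llc[1] == 0xAA && llc[2] == 0x03)
        return from_ethertype(be16(llc + 6));     /* SNAP: OUI[3], then type */
    return P_UNKNOWN;
}

enum verdict filter(const struct ruleset *rs, const uint8_t *f, size_t len)
{
    return rs->by_proto[classify(f, len)];  /* unknown/truncated use P_UNKNOWN's verdict */
}
```

Frames that cannot be classified fall under the `P_UNKNOWN` entry, so a rule set that leaves it at `V_DROP` fails closed on truncated or unrecognised traffic.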