Building a Network Appliance Prototype Using a standard PC with Linux and Two NIC's

Question

I am willing to build a prototype of network appliance. This appliance is suppose to transparently manipulate Ethernet packets. It suppose to have two network interface cards having one card connected to the outside leg (i.e. eth0) and the other to the inside leg (i.e. eth1).

In a typical network layout as in the attached image, it will be placed between the router and the LAN's switch.

My plans are to write a software that hooks at the kernel driver level and do whatever I need to do to incoming and outgoing packets.

For instance, an "outgoing" packet (at eth1) would be manipulated and passed over to the other NIC (eth0) which then should be transported over to the next hope

My questions are:

Is this doable?
Those NIC's will have no IP address, is that should be a problem?

Thanks in advance for your answers.

(And no, there is no such device yet in the market, so please, "why reinvent the wheel" style of answers are irrelevant)

typical network diagram http://img163.imageshack.us/img163/1249/stackpost.png

what do you mean? have you read this to the end? this is a software question, not an hardware at all. — Tzury Bar Yochay, Jan 10 '10 at 07:51
AFAIK, Line encryption units work in a similar way (2 ports, an embedded pc and some custom silicon), so it can be done in a mix of hardware and software, but I don't know enough detail to post an answer. — Pete Kirkham, Jan 10 '10 at 09:45
-2, wonder why. perhaps if a question is not related to ruby/c#/jquery one might risks to be getting down votes. — Tzury Bar Yochay, Jan 10 '10 at 11:52

score 2 · Accepted Answer · answered Jan 10 '10 at 10:45

2

I'd suggest libipq, which seems to do just what you want:

Netfilter provides a mechanism for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel.

answered Jan 10 '10 at 10:45

tstenner

10,080
10
57
92

thanks allot, will take a look at this as well, searching for this at the firewall areas was a smart move! if I would be able to build a prototype fast enough using it I would prefer it over scapy which is very slow comparing to libipq – Tzury Bar Yochay Jan 10 '10 at 10:49
In doing intermediate filtering/modification, be aware that you're probably going to be introducing some significant latency into the message stream, especially if you're passing data in and out of user-space. Is this going to be in a high-bandwidth network? You may want to think about fast hardware and kernel level packet mangling. – Shannon Nelson Jan 12 '10 at 05:13

score 0 · Answer 2 · answered Apr 25 '12 at 14:08

0

as long as the NICs are set to promiscous mode, they catch packets on the network without the need of an IP address set on them. I know it can be done as there are a lot of companies that produce the same type of equipment (I.E: Juniper Networks, Cisco, F5, Fortinet ect.)

answered Apr 25 '12 at 14:08

Alex

1

well, they also need to be bridged. – Ottavio Campana Oct 29 '12 at 10:56

Tzury Bar Yochay · Answer 3 · 2010-01-10T11:18:41.397

0

Apparently, it can be done. I am actually trying to build a prototype of it using scapy

edited Jan 10 '10 at 11:18

answered Jan 10 '10 at 10:28

Tzury Bar Yochay

8,798
5
49
73

Building a Network Appliance Prototype Using a standard PC with Linux and Two NIC's

3 Answers3