0

For the project that I am currently working on, the task is to read a file from disk that is of following format:

port number [in/out/both]

So, if a port number is followed by in, only inbound connections are allowed. If it is followed by out, only outbound connections are allowed and bidirectional if it is followed by both. Block all other ports.

One way to do this, is to read the file at boot time and store port and type in a data structure and keep that in memory, and when a process tries to use a port, grant the access based in the data structure that is in memory. The problem is, I dont know how to actually implement this, just need a push in the right directions. I know this can be done using iptables, but that is not allowed.

Dex
  • 1

1 Answers1

1

As a start on Linux kernel coding and for some parts of your problem, you might find this useful:

Storing struct array in kernel space, Linux

EDIT:

For your specific problem of packet filtering, I would suggest that you use the netfilter framework from within the kernel to set up the proper rules that will do what you want. Creating your own packet-filtering framework is probably way too complex - plus it's generally not a good idea to reinvent the wheel.

The netfilter subsystem is quite modular, so you might want to consider the possibility of just creating yet another module with your intended functionality for it.

Community
  • 1
  • 1
thkala
  • 84,049
  • 23
  • 157
  • 201