netfilter questions

I want to develop a driver that will capture "all" network packets and later allow/drop/steal based on

the packet analysis and rules etc.,

I am aware that this could be accomplished using netfilter.

But, I have the following questions:

1. Does netfilter has any platform dependencies or any distro dervied from 2.4 and 2.6 versions will work

?

2. Does netfilter operate in the kernel space or in the user space ?

2a) If netfilter operates in the kernel space, how best could be packet info be pushed into a user-space

program ?

3) Are there any kernel level alternatives to netfilter ?

Please enlighten me with whatever answers you may have.

Rich.

Netfilter is kernel-level. AFAIK, there is no way to "push it into userspace". You define rules and all packets are fed through these rules. I'm not aware of any way to write iptables rules based on anything other than what you can do with iptables (which is quite a lot!). Check out netfilter.org for some very thorough documentation on using iptables. 8)

Thanks for the info-

Can netfilter capture "All" packets irrespective of the protocol ?

Quote:

---

Originally Posted by reachtechnocrat

Thanks for the info-

Can netfilter capture "All" packets irrespective of the protocol ?

---

Yes. It handles every packet that passes through the machine.