[comp.unix.ultrix] Two different things entirely: "packet filter" and "gateway screen"

mogul@wrl.dec.com (Jeffrey Mogul) (05/09/91)

In article <1991May07.195428.17658@decuac.dec.com> mjr@hussar.dco.dec.com (Marcus J. Ranum) writes:
>taku@cathedral.cerc.wvu.wvnet.edu (Takumei So) writes:
>
>>    The machine I'm using is an Ultrix machine, DECstation 5000 running
>>ULTRIX V4.0 Rev.179.  I'm running it as su, and the interface is set to
>>promiscuous mode.
>>    Any help, or example codes for using packetfilter, will be greatly 
>>appreciated!!!
>
>	I think 4.2 comes with the packet screen daemon - which is a table
>driven packet filterer - very useful for screened IP gateways. I don't know
>if the source to it is something that can be given out or not. I'll defer
>to the author.

Thanks for the deference, Marcus, but it looks like I've managed to
confuse you along with everyone else.

There are two ENTIRELY DIFFERENT AND UNRELATED facilities in Ultrix,
both of which I must take some blame for.

    The "packet filter", introduced in Ultrix 4.0 (but quite similar to
    half a dozen versions floating around in other systems), is a way
    for user programs to get direct access to the Ethernet (or FDDI, for
    that matter).  This is used for implementing network monitoring
    programs (e.g., "tcpdump"), and may also be used for easy implementation
    of new protocol packages (e.g., the Stanford "Pup" code and the
    CAP package).  See the paper in Proc. SOSP-11.

    The "gateway screen", introduced in Ultrix 4.2, is a facility that
    allows you to control which IP packets are forwarded by your system
    when it is used as an IP packet router (a.k.a. "gateway").  It is
    meant to be used as part of a "firewall" gateway.  I'm busy writing
    a paper on how to use it; a paper on how it works is in Proc. Summer
    1989 USENIX Conf.

Yes, I know that the "gateway screen" does what other people (e.g.,
cisco) call "packet filtering".  If I had a chance to go back in time,
I would have named the "packet filter" something else (the "packet matcher"
or something like that).  But the "packet filter" was named 12 years ago,
by someone else, long before most people had even considered running
a filtering router (and before most people had even heard of IP).

I'm sure I'll be disentangling this name-confusion for the next 20 years,
so I'm saving a copy of this message!

-Jeff