User	Score
rbrunner	54
eric	54
Andreas	44
sandeepmhptr	41
alh	32

gaining control of the TCP/IP stack

Fri, 2005-12-23 19:09

Joined: 2005-10-05
Forum posts: 16

Im writing a firewall for symbian/uiq. Im looking for some insight on how to get axx to the TCP/IP stack so i can filter the packets before they move past the stack (inbound and outbound). I am using the DevKit to developed the server side of the app. Im looking for some insight into the best way to go about taking over control of the stack. Would it be possible to use the current stack, and simply pull packets off and put them back on as need be, or will it be better to rewrite a chuck of the netowrking code (from the symbian source) to force the tcp/ip taffic to flow thru my app? It will be port based filtering, not connection based filtering. I need to take control of the stack so only packets that pass the filter will be pushed thru the stack. Any info on this topic would be great.

Fri, 2005-12-23 19:58

msa2

Joined: 2005-02-18
Forum posts: 100

Re: gaining control of the TCP/IP stack

Symbian has IPsec. You can implement port/protocol based filtering trivially with the IPsec policy (just specify pass/drop rules in the policy without any real IPsec encryption).

That API is not apparently public and letting just any random program to mess with the TCP/IP communication would be security risk in itself. Thus, to get access to those APIs, you need to get your application certified and in gerenal, I guess you need to join some partner program to see the APIs in the first place.

Fri, 2005-12-23 20:41

erickssm

Joined: 2005-10-05
Forum posts: 16

Re: gaining control of the TCP/IP stack

My employer joined the platnium program, or something like that, to get the Symbian DevKit. I have everything I need to implament what you are suggesting (full Symbian API, not just public API). Thanks for the idea, ill take a look at the ipsec source code and see if that is what i will need to gain control of the tcp/ip stack. If anyone else has ideas on this issue, feel free to post them! Thanks again.

Fri, 2005-12-23 21:33
gohip@ichibancompu Joined: 2005-12-16 Forum posts: 47	Re: gaining control of the TCP/IP stack Hey erickssm, Have you noticed whether or not the "full Symbian API" has any API's for the idle screen background image, i.e. changing it? Do you have a breakdown/list of what is opened up as far as api's go in the "full Symbian API", or have a link describing them? Jay Glass Phoenix, AZ. USA http://IChiBanComputers.Com

Tue, 2005-12-27 19:36

erickssm

Joined: 2005-10-05
Forum posts: 16

Re: gaining control of the TCP/IP stack

Jay Glass: If there is such ability to do that, which i dont know if there is or not, you would have to get the Dev Kit to use that functionality.

msa2: I looked at IPSec source code, and found no way to implament a filter in place of the en/decryption stuff in IPSec. I did manage to come across the MIp6Hook class. It looks like this is what is needed to trap all packets that pass thru the tcp/ip stack. Still a little fuzzy on the details of the class, but it seems to be just what i was looking for.

Wed, 2005-12-28 02:52
gohip@ichibancompu Joined: 2005-12-16 Forum posts: 47	Re: gaining control of the TCP/IP stack Thank You Erickssm! Jay Glass Phoenix, AZ. USA http://IChiBanComputers.Com

Fri, 2006-05-26 21:23

maxxxpayne

Joined: 2006-05-08
Forum posts: 162

Re: gaining control of the TCP/IP stack

Quote from: msa2

Symnian does have IPSec, but whether its shipped with real devices is another question.

Anyway, the best bet to implement a Firewall would be to implemet IP Hooks, whic I believe is documented well enough in DevKits

http://www.tanzim.co.uk

User login

Featured pages

Featured Software

Active users (last 30 days)

Feeds

gaining control of the TCP/IP stack