Due Date: Thursday, November 30, 2005
Points: 100
This program asks you to build a basic engine for a firewall. Call your program "fw".
Your program is to read in a set of rules describing how an incoming packet is to be transformed and routed. Once the rules are read in, your program will read in data representing the packets, and write out the transformed packets.
Your program must be named fw, and must accept the following command-line syntax:
where rules_file is the name of the file containing the rules, and packet_file is the name of the file containing the data representing the packets.
Each line in the rules_file has the following form:
where action is one of the following:
drop | discard the packet; no further rules are executed |
accept | send the packet on; no further rules are executed |
src_IP new_IP | change the source IP of the packet to new_IP; go to the next rule |
src_port new_port | change the source port of the packet to new_port; go to the next rule |
dest_IP new_IP | change the destination IP of the packet to new_IP; go to the next rule |
dest_port new_port | change the destination port of the packet to new_port; go to the next rule |
If the first four fields in the line match the appropriate parts of the packet, action occurs. If either the source IP or destination IP are the character "*", then that matches any value of the field.
Each line in the packet_file has the following form:
where body is any sequence of characters up to, but not including, the end of the line.
Your program should copy the contents of the packet_file to the standard output, modifying it as indicated by the rules in the rules_file. If the line in the packet_file does not match any line in the rules_file, accept the packet by copying it to the standard output. Otherwise, act as the appropriate line(s) in the rules_file indicate. All processing is to be done in order of the rules (that is, apply the first rule; if the packet is neither accepted nor dropped, apply the second line; and so forth.)
The rules_file contains the following:
129.234.6.8 : 25 : 15.4.7.8 : 25 : dest_IP 10.3.4.5The packet_file contains the following:
* : 25 : 10.3.4.5 : 25 : accept
* : * : 15.4.7.8 : 80 : dest_IP 10.3.4.8
* : * : 10.3.4.8 : 80 : dest_port 8080
* : * : 10.3.4.8 : 8080 : accept
* : * : * : * : drop
129.234.6.8 : 25 : 15.4.7.8 : 25 : here is a letterThe output should be:
130.234.6.8 : 25 : 15.4.7.8 : 25 : here is another letter
178.23.56.77 : 3456 : 15.4.7.8 : 80 : here is a web message
129.234.6.8 : 25 : 10.3.4.5 : 25 : here is a letter
178.23.56.77 : 3456 : 10.3.4.8 : 8080 : here is a web message
Note that the second packet does not match any line except the last, and so is dropped.