So I’ve taken some interest in creating an open source nextgen firewall. It’s beyond my current skill level (at least with the hobby time I have available) from a programming standpoint, but that’s how you grow, so let’s just see what I can figure out. It’ll be fun and a good learning experience to dig into even if I don’t get anything working. There are some related packages and projects (Open Source) that we can pull from/merge/evaluate functionality from for this.
Routing Protocol Support
Free Range Routing (FRR)
An Article I wrote on Setting up Free Range Routing on Debian base Linux Install
QoS
Network Traffic Control and the Linux Packet Scheduler
DPDK QoS Framework
VLAN SUPPORT
https://www.linuxjournal.com/article/10821
Dated But Interesting Info
A Guide to the Implementation and Modification of the Linux Protocol Stack (2000)
Sockets in the Linux Kernel
Linux Kernel Networking Overview
Advanced Linux Kernel Networking
FastPath & Intel Data Plane Development Kit (DPDK)
https://blog.cloudflare.com/kernel-bypass/
OpenFlow Switch and Router – Lagopus
The FastData Project – Linux Foundation
https://www.dpdk.org/
DPDK Programmer’s Guide
DPDK API Documentation
DPDK Accelerated UserSpace Network Stack
DPDK enabled L4 Load Balancer based on LVS
DPDK Accelerated Traffic Generator – Open Source T-REX by Cisco
new Approaches to Network FastPath
VPP – Vector Packet Processing
Alternate-forwarding-planes:-VPP+FRR (FREE RANGE ROUTING)
Open Source DPDK based DDoS Protection – GateKeeper
L3 Packet Filtering
NPF – packet filter with stateful inspection, NAT, IP sets, DPDK Integration, etc.
Deep Packet Inspection
Open Source Deep packet inspection engine based on OpenDPI, a fork by nTOP.
https://www.ntop.org/products/deep-packet-inspection/ndpi/
https://github.com/ntop/nDPI
Intel HyperScan regex matching which can be more readily used with the Intel DPDK (Data Plane Development Kit)
https://www.hyperscan.io/
introduction-to-hyperscan
https://github.com/intel/hyperscan
https://github.com/vipinpv85/DPDK-HYPERSCAN-SAMPLE
SNORT Module for DPDK Integration
The relatively new (kernel 4.3) support of TRUE VRFs in the Linux Kernel (thank you Cumulus Linux)
operationalizing-vrf-in-the-data-center
https://www.kernel.org/doc/Documentation/networking/vrf.txt
https://github.com/Mellanox/mlxsw/wiki/Virtual-Routing-and-Forwarding-(VRF)
Slightly unreleated, but maybe useful
PcapPlusPlus is a multiplatform C++ network sniffing and packet parsing and crafting framework compatible with DPDK
http://rumpkernel.org/
NOT OPEN-SOURCE, but interesting
https://www.6wind.com
UserSpace TCP/IP Stacks
https://github.com/pkelsey/libuinet
User Interface Elements
JavaScript Chart Library
nice jquery based sidemenu
Shit is about to get REAL COMPLICATED
