Small project: outgoing connection notifier

Ciao guys, i'm a student from Switzerland
My summer is just begun and i have a small project that
would like to
start in the following weeks, before is september again...

The idea is to implement a small applet that notifies
whenever a program
tries to access the internet.
For example it pops up a little window that says: "The
application
Azureus is trying to access the internet" and the user
can choose
allow/deny,  once or permanently.

Such application exists for Mac, it is called LittleSnitch

http://www.obdev.at/products/littlesnitch/index.html
I'm pretty sure WinXP as it as part of the system itself.

I didn't find something similar for Linux so it would be fun
and
interesting for me to do it.

My thoughts about the project  are still really fuzzy, my
major doubts
regard:
 - where/how to intercept outbound connection requests from
the application
 - how to temporarily suspend the connection request until
user
acknowledgment, if that's possible
 - how to understand which application made the request
while the
request is being submitted.

I'm writing to this mailing list since you're probably the
most
competent in that...

I never developed for Linux so i read what i found on
network related
kernel events but i still don't know where to start from...
For example, i could write a kernel module that overrides
the
"connection request" syscall (if any) and matches
my rules before
allowing it.
Or it could be possible to simply create what i want as an
extension
for netfilter.
Does that make any sense?

Any kind of pointer or suggestion to where to start from is
really appreciated!

Ciao
Marco

On Jul 7 2007 10:15, Marco Bridge wrote:
>
> Ciao guys, i'm a student from Switzerland
> My summer is just begun and i have a small project that
would like to
> start in the following weeks, before is september
again...
>
> The idea is to implement a small applet that notifies
whenever a program
> tries to access the internet.
> For example it pops up a little window that says:
"The application
> Azureus is trying to access the internet" and the
user can choose
> allow/deny,  once or permanently.
>
> Such application exists for Mac, it is called
LittleSnitch
> 
http://www.obdev.at/products/littlesnitch/index.html
> I'm pretty sure WinXP as it as part of the system
itself.
>
> I didn't find something similar for Linux so it would
be fun and
> interesting for me to do it.

http://tuxguardian.sf.net/


>
> My thoughts about the project  are still really fuzzy,
my major doubts
> regard:
> - where/how to intercept outbound connection requests
from the application
> - how to temporarily suspend the connection request
until user
> acknowledgment, if that's possible
> - how to understand which application made the request
while the
> request is being submitted.
>
> I'm writing to this mailing list since you're probably
the most
> competent in that...
>
> I never developed for Linux so i read what i found on
network related
> kernel events but i still don't know where to start
from...
> For example, i could write a kernel module that
overrides the
> "connection request" syscall (if any) and
matches my rules before
> allowing it.
> Or it could be possible to simply create what i want as
an extension
> for netfilter.
> Does that make any sense?
>
> Any kind of pointer or suggestion to where to start
from is really appreciated!
>
> Ciao
> Marco
>

	Jan
-- 

Jan just gave you the anwser.


2007/7/7, Jan Engelhardt <jengelhcomputergmbh.de>:
>
> On Jul 7 2007 10:15, Marco Bridge wrote:
> >
> > Ciao guys, i'm a student from Switzerland
> > My summer is just begun and i have a small project
that would like to
> > start in the following weeks, before is september
again...
> >
> > The idea is to implement a small applet that
notifies whenever a program
> > tries to access the internet.
> > For example it pops up a little window that says:
"The application
> > Azureus is trying to access the internet" and
the user can choose
> > allow/deny,  once or permanently.
> >
> > Such application exists for Mac, it is called
LittleSnitch
> > 
http://www.obdev.at/products/littlesnitch/index.html
> > I'm pretty sure WinXP as it as part of the system
itself.
> >
> > I didn't find something similar for Linux so it
would be fun and
> > interesting for me to do it.
>
> http://tuxguardian.sf.net/

>
> >
> > My thoughts about the project  are still really
fuzzy, my major doubts
> > regard:
> > - where/how to intercept outbound connection
requests from the application
> > - how to temporarily suspend the connection
request until user
> > acknowledgment, if that's possible
> > - how to understand which application made the
request while the
> > request is being submitted.
> >
> > I'm writing to this mailing list since you're
probably the most
> > competent in that...
> >
> > I never developed for Linux so i read what i found
on network related
> > kernel events but i still don't know where to
start from...
> > For example, i could write a kernel module that
overrides the
> > "connection request" syscall (if any)
and matches my rules before
> > allowing it.
> > Or it could be possible to simply create what i
want as an extension
> > for netfilter.
> > Does that make any sense?
> >
> > Any kind of pointer or suggestion to where to
start from is really appreciated!
> >
> > Ciao
> > Marco
> >
>
>         Jan
> --
>
>