ng_fwdswitch is a FreeBSD kernel module based on the netgraph infrastructure that works as a basic packet forwarding engine. It will classify inbound IP packets using their source or destination address and forward them to the appropriate outbound interface. It could be used as an IDS helper, say to split "coherent" traffic across several sensors.
Virtual Network Address Translation (VNAT) is a novel architecture that allows transparent migration of end-to-end live network connections associated with various computation units. Such computation units can be either a single process, or a group of processes, or an entire host. It virtualizes network connections perceived by transport protocols so that identification of network connections is decoupled from stationary hosts. Such virtual connections are then remapped into physical connections to be carried on the physical network using network address translation.
LKMB is a Perl module for creating a kernel module package, which can later be used to create a package that can be bootstrapped on any GNU machine. It is incomplete, but still partially usable. LKMB is part of the Comprehensive Linux Archive Network (CLAN) meta-project.
Atkins can be used to examine variables, tables, and linked lists in the running kernel. Subcommands can be entered to show formatted kernel administration of processes, open files, incore inodes, page cache buffers, sockets, etc. Memory dumps can be shown using virtual or physical addresses, or using addresses within the user space of a particular process. Furthermore, stack backtraces can be printed, e.g. to determine the reason why a particular process is currently in a wait state. Note that atkins requires a certain level of knowledge about the Linux kernel.
F-Watch is a kernel module that reports changes on files to /dev/fwatch. It hooks into the sys_calls and does not require a kernel patch. To activate watching for certain events, users need to run ioctl to register the wanted events; examples are in the src dir. Ioctl can be used during runtime to individually change the required events.