Packet interception / Mangling

Cole cole at
Tue Jun 28 09:22:34 GMT 2005


Isnt pcap meant to be non-intrusive, as in it only gets sent a copy of the packet from the kernel space to userspace? And doesnt
actually intercept anything?

Thanks for the other suggestions, but im trying to stay away from divert sockets, a friend also suggested libdnet, so I'll look into
that today, but if you have any further ideas, please let me know, thanks


----- Original Message -----
From: "Julian Elischer" <julian at>
To: <cole at>
Cc: <freebsd-hackers at>
Sent: Tuesday, June 28, 2005 2:39 AM
Subject: Re: Packet interception / Mangling

> cole at wrote:
> >Hi
> >
> >I wanted to know if there are any libraries similar to pcap to intercept
> >packets/mangle packets.
> >
> >
> how about pcap?  :-)
> There are also two other mechinisms..
> "divert sockets" (man divert) which is used in conjuction with teh ipfw
> packet fileter
> and netgraph (man 4 netgraph, man ngctl, man ng_socket, man ng_ether)
> which can do a lot of interesting thins.
> >What im trying to do specifically is like link compression, and I would then
> >need to check if the packet is then compressed and decompress, and so forth and
> >so on.
> >
> >I would like to avoid having to use a ipfw divert to a port, and specifically
> >check all traffic to the box using a library function or some kind of hook into
> >the kernel.
> >
> >The FreeBSD version I will be using is 4.9 or 4.11, and would like to know if
> >there are any such routines available, and whether it could be a userland
> >daemon, or if i am going to need to write a kernel loadable module?
> >
> >If anyone has any ideas or suggestions, or knows anything about this, it would
> >be a great help.
> >
> >Regards
> >/Cole
> >
> >
> >_______________________________________________
> >freebsd-hackers at mailing list
> >
> >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at"
> >
> >

More information about the freebsd-hackers mailing list