Packet interception / Mangling

Julian Elischer julian at elischer.org
Tue Jun 28 19:35:32 GMT 2005 


Cole wrote:

>Hi
>
>Isnt pcap meant to be non-intrusive, as in it only gets sent a copy of the packet from the kernel space to userspace? And doesnt
>actually intercept anything?
>
>Thanks for the other suggestions, but im trying to stay away from divert sockets,
>

Why? that's what they are for!
It's like saying
"I know I asked for a tool to remove this nut from the bolt but I'm 
trying to
stay away from using wrenches".

netgraph also allows you to do this in an efficient manner.


> a friend also suggested libdnet, so I'll look into
>that today, but if you have any further ideas, please let me know, thanks
>
>Regards
>/Cole
>
>----- Original Message -----
>From: "Julian Elischer" <julian at elischer.org>
>To: <cole at opteqint.net>
>Cc: <freebsd-hackers at freebsd.org>
>Sent: Tuesday, June 28, 2005 2:39 AM
>Subject: Re: Packet interception / Mangling
>
>
>  
>
>>cole at opteqint.net wrote:
>>
>>    
>>
>>>Hi
>>>
>>>I wanted to know if there are any libraries similar to pcap to intercept
>>>packets/mangle packets.
>>>
>>>
>>>      
>>>
>>how about pcap?  :-)
>>
>>There are also two other mechinisms..
>>"divert sockets" (man divert) which is used in conjuction with teh ipfw
>>packet fileter
>>and netgraph (man 4 netgraph, man ngctl, man ng_socket, man ng_ether)
>>which can do a lot of interesting thins.
>>
>>    
>>
>>>What im trying to do specifically is like link compression, and I would then
>>>need to check if the packet is then compressed and decompress, and so forth and
>>>so on.
>>>
>>>I would like to avoid having to use a ipfw divert to a port, and specifically
>>>check all traffic to the box using a library function or some kind of hook into
>>>the kernel.
>>>
>>>The FreeBSD version I will be using is 4.9 or 4.11, and would like to know if
>>>there are any such routines available, and whether it could be a userland
>>>daemon, or if i am going to need to write a kernel loadable module?
>>>
>>>If anyone has any ideas or suggestions, or knows anything about this, it would
>>>be a great help.
>>>
>>>Regards
>>>/Cole
>>>
>>>
>>>_______________________________________________
>>>freebsd-hackers at freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>>>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>>>
>>>
>>>      
>>>

More information about the freebsd-hackers mailing list