bpf packet capture and SOCK_STREAM socket redirects...

Alireza Torabi alireza.torabi at gmail.com
Thu Mar 20 03:57:41 PDT 2008 

Thanks for reply.

That's sort of the problem. I've got a data link capture of the packet
(bpf) and let say I redirect this packet to a  SOCK_STREAM on another
machine and the whole thing will work fine (OK after rewritting some
mac and ip and checksums...).

I just need to do this on the SOCK_STREAM of the same machine. If I
try to put it in another way:

Is it possible to do a bpf write of a packet that can be seen by the
interface the bpf is bound to?

This means that the interface does it's normal work and the packet
will be deliverd to SOCK_STREAM bound to it.

A


On 3/20/08, Vadim Goncharov <vadim_nuclight at mail.ru> wrote:
> Hi Alireza Torabi!
>
> On Thu, 20 Mar 2008 09:43:52 +0000; Alireza Torabi wrote about 'bpf packet capture and SOCK_STREAM socket redirects...':
>
> > Is it possible to redirect/send/divert a bpf packet capture of one
> > interface to a listening tcp socket on another interface of the same
> > machine?
> > Here is my problem:
> > I'm capturing packets on one interface but for some specific tcp
> > packets let's say from host A to host B on port P, I want to hijack
> > the packet and send it to a listening tcp socket on the other
> > interface and reply an "Access Denied" message.
>
> > I'd like to use the tcp socket on the other interface as it's not
> > possible to communicate over the interface that's doing the packet
> > capture and I don't want to invent the wheel by doing all the tcp/tcb
> > states hence using a tcp socket.
>
> But if that's a middle of connection, how would you do? Kernel sockets assume
> they've acted in a conversation from the very beginning SYN's, so if you
> redirect such packet, socket will not understand it.
>
> If you yopu want to simply close/reset connection, however, this can be done
> somehow.
>
> --
> WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight at mail.ru
> [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list