bpf packet capture and SOCK_STREAM socket redirects...
Alireza Torabi
alireza.torabi at gmail.com
Thu Mar 20 04:27:54 PDT 2008
Imagine this:
| (1)
packets
| | (4)
[nic1] [nic2]
bpf SOCK_STREAM
| (2) |
[FreeBSD] (3)
1) all user traffic are being monitored
2) bpf on [nic] is capturing these packets
3) after processing we know a connection is about to be established from A to B
NOW:
4) I want to deliver this packet to the socket on [nic2]
and as this is a tcp socket it'll take care of it from there
(my code here for this sockets sends and arbitary data to A making it
think it came from B)
hope this helps.
On 3/20/08, Vadim Goncharov <vadim_nuclight at mail.ru> wrote:
> Hi Alireza Torabi!
>
> On Thu, 20 Mar 2008 10:57:39 +0000; Alireza Torabi wrote about 'Re: bpf packet capture and SOCK_STREAM socket redirects...':
>
> > That's sort of the problem. I've got a data link capture of the packet
> > (bpf) and let say I redirect this packet to a SOCK_STREAM on another
> > machine and the whole thing will work fine (OK after rewritting some
> > mac and ip and checksums...).
>
> > I just need to do this on the SOCK_STREAM of the same machine. If I
> > try to put it in another way:
>
> > Is it possible to do a bpf write of a packet that can be seen by the
> > interface the bpf is bound to?
>
> AFAIK, no.
>
> > This means that the interface does it's normal work and the packet
> > will be deliverd to SOCK_STREAM bound to it.
>
> What exactly is your task? May be it is worth consider some other ways if
> additional details are known.
>
> --
> WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight at mail.ru
> [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list