bpf packet capture and SOCK_STREAM socket redirects...

Peter Jeremy peterjeremy at optushome.com.au
Thu Mar 20 23:35:20 PDT 2008


On Thu, Mar 20, 2008 at 11:27:53AM +0000, Alireza Torabi wrote:
>Imagine this:
>
>           | (1)
>     packets
>           |                     | (4)
>        [nic1]             [nic2]
>         bpf             SOCK_STREAM
>          |  (2)                |
>              [FreeBSD] (3)
>
>1) all user traffic are being monitored
>2) bpf on [nic] is capturing these packets
>3) after processing we know a connection is about to be established from A to B
>
>NOW:
>4) I want to deliver this packet to the socket on [nic2]
>and as this is a tcp socket it'll take care of it from there
>(my code here for this sockets sends and arbitary data to A making it
>think it came from B)

Have a look at divert(4).  I suspect it comes closest to what you want.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20080321/2d7c8deb/attachment.pgp


More information about the freebsd-net mailing list