bpf packet capture and SOCK_STREAM socket redirects...
Julian Elischer
julian at elischer.org
Fri Mar 21 11:16:51 PDT 2008
Alireza Torabi wrote:
> On Fri, Mar 21, 2008 at 6:35 AM, Peter Jeremy
> <peterjeremy at optushome.com.au> wrote:
>> On Thu, Mar 20, 2008 at 11:27:53AM +0000, Alireza Torabi wrote:
>> >Imagine this:
>> >
>> > | (1)
>> > packets
>> > | | (4)
>> > [nic1] [nic2]
>> > bpf SOCK_STREAM
>> > | (2) |
>> > ---------------------------------------
>> > [FreeBSD] (3)
>> >
>> >1) all user traffic are being monitored
>> >2) bpf on [nic] is capturing these packets
>> >3) after processing we know a connection is about to be established from A to B
>> >
>> >NOW:
>> >4) I want to deliver this packet to the socket on [nic2]
>> >and as this is a tcp socket it'll take care of it from there
>> >(my code here for this sockets sends and arbitary data to A making it
>> >think it came from B)
>>
>> Have a look at divert(4). I suspect it comes closest to what you want.
>>
>> --
>> Peter Jeremy
>> Please excuse any delays as the result of my ISP's inability to implement
>> an MTA that is either RFC2821-compliant or matches their claimed behaviour.
>>
>
> Yes. It sounds promising. I was reading natd and planning to read ipfw
> source interestingly!
also I think you may want the 'fwd' call in ipfw...
I don't quite understand your question..
(despite the picture)
where ia A and where is B?
and why 2 nics?
User traffic where?
on a switch?
coming in and out of this machine?
you need to define a little more of the picture..
Julian
> Thanks
>
> Alireza
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list