From owner-freebsd-net@FreeBSD.ORG Thu Mar 20 10:50:08 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90B1B1065672 for ; Thu, 20 Mar 2008 10:50:08 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 457448FC22 for ; Thu, 20 Mar 2008 10:50:08 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JcILS-0006Bc-9E for freebsd-net@freebsd.org; Thu, 20 Mar 2008 10:50:02 +0000 Received: from 195.208.174.178 ([195.208.174.178]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 20 Mar 2008 10:50:02 +0000 Received: from vadim_nuclight by 195.208.174.178 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 20 Mar 2008 10:50:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Vadim Goncharov Date: Thu, 20 Mar 2008 10:47:09 +0000 (UTC) Organization: Nuclear Lightning @ Tomsk, TPU AVTF Hostel Lines: 28 Message-ID: References: X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 195.208.174.178 X-Comment-To: Alireza Torabi User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: bpf packet capture and SOCK_STREAM socket redirects... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2008 10:50:08 -0000 Hi Alireza Torabi! On Thu, 20 Mar 2008 09:43:52 +0000; Alireza Torabi wrote about 'bpf packet capture and SOCK_STREAM socket redirects...': > Is it possible to redirect/send/divert a bpf packet capture of one > interface to a listening tcp socket on another interface of the same > machine? > Here is my problem: > I'm capturing packets on one interface but for some specific tcp > packets let's say from host A to host B on port P, I want to hijack > the packet and send it to a listening tcp socket on the other > interface and reply an "Access Denied" message. > I'd like to use the tcp socket on the other interface as it's not > possible to communicate over the interface that's doing the packet > capture and I don't want to invent the wheel by doing all the tcp/tcb > states hence using a tcp socket. But if that's a middle of connection, how would you do? Kernel sockets assume they've acted in a conversation from the very beginning SYN's, so if you redirect such packet, socket will not understand it. If you yopu want to simply close/reset connection, however, this can be done somehow. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]