Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Mar 2008 11:27:53 +0000
From:      "Alireza Torabi" <alireza.torabi@gmail.com>
To:        vadim_nuclight@mail.ru
Cc:        freebsd-net@freebsd.org
Subject:   Re: bpf packet capture and SOCK_STREAM socket redirects...
Message-ID:  <cffd8c580803200427u62d8d3b9q208364a8a96de7ba@mail.gmail.com>
In-Reply-To: <slrnfu4hm4.1b5e.vadim_nuclight@hostel.avtf.net>
References:  <cffd8c580803192006g4045258bxcf8fa10b322a640@mail.gmail.com> <cffd8c580803200243u4465889m197d2a7ca6d0fff7@mail.gmail.com> <slrnfu4g5d.1b5e.vadim_nuclight@hostel.avtf.net> <cffd8c580803200357l686d6e40qb49b3ecadb734151@mail.gmail.com> <slrnfu4hm4.1b5e.vadim_nuclight@hostel.avtf.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Imagine this:

           | (1)
     packets
           |                     | (4)
        [nic1]             [nic2]
         bpf             SOCK_STREAM
          |  (2)                |
              [FreeBSD] (3)

1) all user traffic are being monitored
2) bpf on [nic] is capturing these packets
3) after processing we know a connection is about to be established from A to B

NOW:
4) I want to deliver this packet to the socket on [nic2]
and as this is a tcp socket it'll take care of it from there
(my code here for this sockets sends and arbitary data to A making it
think it came from B)

hope this helps.



On 3/20/08, Vadim Goncharov <vadim_nuclight@mail.ru> wrote:
> Hi Alireza Torabi!
>
> On Thu, 20 Mar 2008 10:57:39 +0000; Alireza Torabi wrote about 'Re: bpf packet capture and SOCK_STREAM socket redirects...':
>
> > That's sort of the problem. I've got a data link capture of the packet
> > (bpf) and let say I redirect this packet to a  SOCK_STREAM on another
> > machine and the whole thing will work fine (OK after rewritting some
> > mac and ip and checksums...).
>
> > I just need to do this on the SOCK_STREAM of the same machine. If I
> > try to put it in another way:
>
> > Is it possible to do a bpf write of a packet that can be seen by the
> > interface the bpf is bound to?
>
> AFAIK, no.
>
> > This means that the interface does it's normal work and the packet
> > will be deliverd to SOCK_STREAM bound to it.
>
> What exactly is your task? May be it is worth consider some other ways if
> additional details are known.
>
> --
> WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
> [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cffd8c580803200427u62d8d3b9q208364a8a96de7ba>