From: Julian Elischer
Date: Sat, 06 Aug 2005 19:52:17 -0700
To: Minh Tran
Cc: freebsd-hackers@freebsd.org
Subject: Re: Kernel code of reseting/ignoring tcp SYN packets
Message-ID: <42F57761.6030607@elischer.org>

Minh Tran wrote:

> ** Reply Requested When Convenient **
>
> Hi everyone,
>
> I was looking around for the files of Kernel code where SYN messages are sent,
> so we can simply inject some code to send back a reset message or ignore the SYN requests.
> I was looking at the function ioctl() which takes fd of the tcp socket.
> As I track the function down, there is also another call to the dev_ioclt() function where all parameters are passed down.
> However, I was not successful with finding out the description of this dev_ioclt() function.
> I am having a bit of trouble in finding out the way of injecting code in the kernel to deal with SYN packets.
> I am thinking of using ipfw to either reset or drop SYN packets.

That's what I would do as it already has that option.
"reset" or "drop" keywords.

     reset   Discard packets that match this rule, and if the packet is a TCP
             packet, try to send a TCP reset (RST) notice.  The search
             terminates.

In addition, in 6.x (or is it just 7?) you can hook an ipfw rule directly
into a netgraph node that you have loaded that could do arbitrary processing,
and even pass it back.

>
> Would anyone have some hints on the clean way of injecting some code to deal with SYN packets
> or could you give me some ideas on which files I should look at? I really appreciate that.
> I saw some promising files in src/sys/netinet but they are not all clear in my mind.
>
> Thanks heaps!
>
> Swinburne University of Technology
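The ipfw approach suggested in the reply, as an added example that is not part of the original thread: a small sh script that builds one rule per port using the "reset" or "drop" keyword, restricted to the initial SYN with ipfw's `setup` option (shorthand for `tcpflags syn,!ack`). The rule numbers, ports and the `APPLY` switch are constructed for illustration.

```shell
#!/bin/sh
# Added example: answer or silently discard inbound TCP connection attempts
# with ipfw instead of patching the kernel. Rule numbers and ports below are
# constructed sample values.

# syn_rule ACTION RULENUM PORT -> prints the body of one ipfw rule.
# "setup" matches only SYN-without-ACK, so established connections and
# connections this host initiates are not affected.
syn_rule() {
    action=$1 num=$2 port=$3
    case "$action" in
        reset|drop) ;;                      # the two keywords named in the reply
        *) echo "unsupported action: $action" >&2; return 1 ;;
    esac
    case "$num" in ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    echo "add $num $action tcp from any to me $port setup"
}

# apply_rule ACTION RULENUM PORT
# Dry run by default (prints the command). With APPLY=1 it installs the rule,
# which needs root on a FreeBSD host with ipfw loaded.
apply_rule() {
    rule=$(syn_rule "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        ipfw -q $rule                       # unquoted on purpose: split into args
    else
        echo "ipfw -q $rule"
    fi
}

# reset: the client gets an RST and sees "connection refused" immediately.
apply_rule reset 1000 8080
# drop: nothing is sent back; the client retransmits its SYN until it times out.
apply_rule drop 1100 8081
```

Check the installed rules and their hit counters with `ipfw -a list` after applying.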