Date:      Mon, 25 Nov 2002 11:26:01 +0200
From:      Peter Pentchev <roam@ringlet.net>
To:        soheil soheil <soheil_hh@hotmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Packet Capturing on GWs but don't let them go out.
Message-ID:  <20021125092601.GJ381@straylight.oblivion.bg>
In-Reply-To: <F90t1uZfsDgEhHeJZmb0001e154@hotmail.com>
References:  <F90t1uZfsDgEhHeJZmb0001e154@hotmail.com>

On Fri, Nov 22, 2002 at 07:24:54PM +0000, soheil soheil wrote:
> Hi
> I want to do packet capturing but as you know pcap lets the packet go
> out and just puts a copy in the buffer.
> I just want to make a copy and not let them go out.
> I just want all of the packets from the sockets that are created by me
> to travel through my server
>
> Packet -----   /* i don't want it to be forwarded */   |------> out
>            |----> buffer ---> my process --------send--
>
> I want to do a transparent third party traffic

There are two ways I can think of to do what you want: either use ipfw's
'divert' capability to, well, divert all incoming packets to a specially
crafted socket and have a userland program examine them, modify them,
and send them back out if necessary, much as natd(8) does it, or write a
kernel module using the netgraph(4) interface to capture packets coming
in on a network interface, analyze them, modify them, and, if necessary,
reinject them.  I personally would do it the Netgraph way, using a setup
much like the one in the ng_ether(4) example section, but substituting
my own module in place of the ng_tee node, so it does not
unconditionally pass the packets, but analyzes them first.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
.siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI
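
The ipfw 'divert' route described in the reply above, as an added example that is not part of the original message or of natd(8): a userland loop reads each diverted packet, asks a verdict function, and either writes the packet back (reinject) or stays silent (drop). The divert port, the blocked-port policy, the ipfw rule in the comment, the name `verdict` and the sample packets are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#define DIVERT_PORT  8000  /* assumed; pair with "ipfw add divert 8000 ip from any to any in" */
#define BLOCKED_PORT 23    /* hypothetical policy: swallow TCP to this port */
/* Constructed samples: 20-byte IPv4 header + first 4 TCP bytes, checksums zero. */
const uint8_t SAMPLE_TELNET[24] = {0x45,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, 4,0, 0,23};
const uint8_t SAMPLE_HTTP[24]   = {0x45,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, 4,0, 0,80};

/* 1 = reinject, 0 = drop. pkt is a raw IPv4 datagram, as divert(4) delivers it. */
int verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;              /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot < ihl || tot > len) return 0;          /* malformed or truncated */
    if (pkt[9] != IPPROTO_TCP) return 1;                       /* policy covers TCP only */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) return 1; /* later fragment: no ports */
    if (tot < ihl + 4) return 0;                               /* TCP ports cut off */
    return ((((unsigned)pkt[ihl + 2]) << 8) | pkt[ihl + 3]) != BLOCKED_PORT;
}

int main(void)
{
#ifdef IPPROTO_DIVERT  /* FreeBSD divert(4) socket, the mechanism natd(8) uses; needs root */
    uint8_t buf[65535];
    struct sockaddr_in bindto, from;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    memset(&bindto, 0, sizeof bindto);
    bindto.sin_family = AF_INET;
    bindto.sin_port = htons(DIVERT_PORT);
    if (s < 0 || bind(s, (struct sockaddr *)&bindto, sizeof bindto) < 0) { perror("divert"); return 1; }
    for (;;) {
        socklen_t flen = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
        if (n <= 0) break;
        /* Writing back with the received sockaddr reinjects; not writing is the drop. */
        if (verdict(buf, (size_t)n))
            sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, flen);
    }
    close(s);
#else  /* no divert sockets on this OS: show the verdicts for the samples */
    printf("telnet=%d http=%d\n", verdict(SAMPLE_TELNET, 24), verdict(SAMPLE_HTTP, 24));
#endif
    return 0;
}
```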

