Date: Tue, 28 Jun 2005 12:36:18 -0700 From: Julian Elischer <julian@elischer.org> To: Cole <cole@opteqint.net> Cc: freebsd-hackers@freebsd.org Subject: Re: Packet interception / Mangling Message-ID: <42C1A6B2.8070607@elischer.org> In-Reply-To: <001301c57bc3$5608bea0$4206000a@deadmind> References: <20050627160635.9kkhi57rk88w848k@mail.opteqint.net> <42C09C33.2050403@elischer.org> <001301c57bc3$5608bea0$4206000a@deadmind>
next in thread | previous in thread | raw e-mail | index | archive | help
Cole wrote: >Hi > >Isnt pcap meant to be non-intrusive, as in it only gets sent a copy of the packet from the kernel space to userspace? And doesnt >actually intercept anything? > >Thanks for the other suggestions, but im trying to stay away from divert sockets, > Why? that's what they are for! It's like saying "I know I asked for a tool to remove this nut from the bolt but I'm trying to stay away from using wrenches". netgraph also allows you to do this in an efficient manner. > a friend also suggested libdnet, so I'll look into >that today, but if you have any further ideas, please let me know, thanks > >Regards >/Cole > >----- Original Message ----- >From: "Julian Elischer" <julian@elischer.org> >To: <cole@opteqint.net> >Cc: <freebsd-hackers@freebsd.org> >Sent: Tuesday, June 28, 2005 2:39 AM >Subject: Re: Packet interception / Mangling > > > > >>cole@opteqint.net wrote: >> >> >> >>>Hi >>> >>>I wanted to know if there are any libraries similar to pcap to intercept >>>packets/mangle packets. >>> >>> >>> >>> >>how about pcap? :-) >> >>There are also two other mechinisms.. >>"divert sockets" (man divert) which is used in conjuction with teh ipfw >>packet fileter >>and netgraph (man 4 netgraph, man ngctl, man ng_socket, man ng_ether) >>which can do a lot of interesting thins. >> >> >> >>>What im trying to do specifically is like link compression, and I would then >>>need to check if the packet is then compressed and decompress, and so forth and >>>so on. >>> >>>I would like to avoid having to use a ipfw divert to a port, and specifically >>>check all traffic to the box using a library function or some kind of hook into >>>the kernel. >>> >>>The FreeBSD version I will be using is 4.9 or 4.11, and would like to know if >>>there are any such routines available, and whether it could be a userland >>>daemon, or if i am going to need to write a kernel loadable module? >>> >>>If anyone has any ideas or suggestions, or knows anything about this, it would >>>be a great help. >>> >>>Regards >>>/Cole >>> >>> >>>_______________________________________________ >>>freebsd-hackers@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >>> >>> >>> >>>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42C1A6B2.8070607>