Date: Fri, 21 Apr 2006 09:14:19 -0500
From: Guy Helmer
To: Amit Mondal
Cc: freebsd-net@freebsd.org
Subject: Re: freeBSD /ipfw/ divert socket
Message-ID: <4448E8BB.2070609@palisadesys.com>

Amit Mondal wrote:
> Hi All,
>
> I need a little help with FreeBSD Kernel stuff. I wanna use Divert Socket to
> sniff IP packet in FreeBSD.
> For that I have compiled the kernel with options IPDIVERT and everything is
> ok.
>
> Now, when I am not really sniffing and re-injecting the packet back to the
> network stack, it is basically dropping all the packets. But I want it
> pass-through it, when no application is reading at divert socket. My
> question is, HOW CAN I MAKE IT PASS-THROUGH? IF NO APPLICATION IS READING
> FROM DIVERT SOCKET, IT SHOULD WORK AS IF THERE IS NO DIVERT SOCKET.
>
> Thanks in advance
>
> Rgds
> Amit
>

Speaking from experience, it would be trivial to borrow
sys/netgraph/ng_tee.c and modify it to pass packets through the
left2right and right2left hooks when the hooks are connected, and pass
packets directly right or left when the left2right and right2left hooks
aren't connected. Then netgraph sockets can be constructed from userland
programs to connect to the left2right and right2left hooks. Packets will
be passed to your program when your sockets are connected, and otherwise
packets will skip right through the modified netgraph tee when the
sockets aren't connected.

Hope this helps,
Guy

-- 
Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.
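
Added example, not part of the message above and not code from FreeBSD's ng_tee.c: a userland C model of the forwarding decision the reply describes, showing that traffic bypasses the tap hooks when nothing is attached and must be written back by the program when something is. Only the four hook names come from the message; the types and the functions tee_route and tee_transit are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hook names are ng_tee's; the rest is a hypothetical userland model. */
enum hook { DROP = -1, LEFT, RIGHT, LEFT2RIGHT, RIGHT2LEFT, NHOOKS };

struct tee_state { bool connected[NHOOKS]; };

/* Egress hook for a packet that arrived on `in`, or DROP. */
enum hook tee_route(const struct tee_state *st, enum hook in)
{
    enum hook out;
    switch (in) {
    case LEFT:        /* hand to the tap if attached, else bypass it */
        out = st->connected[LEFT2RIGHT] ? LEFT2RIGHT : RIGHT;
        break;
    case RIGHT:
        out = st->connected[RIGHT2LEFT] ? RIGHT2LEFT : LEFT;
        break;
    case LEFT2RIGHT:  /* packet written back by the userland program */
        out = RIGHT;
        break;
    case RIGHT2LEFT:
        out = LEFT;
        break;
    default:
        return DROP;
    }
    return st->connected[out] ? out : DROP;
}

/* Follow one packet to its exit; `reinject` = program writes it back. */
enum hook tee_transit(const struct tee_state *st, enum hook in, bool reinject)
{
    enum hook out = tee_route(st, in);
    if (out == LEFT2RIGHT || out == RIGHT2LEFT)
        out = reinject ? tee_route(st, out) : DROP;
    return out;
}

int main(void)
{
    struct tee_state st = { .connected = { [LEFT] = true, [RIGHT] = true } };
    printf("no tap: exits on hook %d\n", (int)tee_transit(&st, LEFT, false));
    st.connected[LEFT2RIGHT] = true;
    printf("tap, no reinject: %d\n", (int)tee_transit(&st, LEFT, false));
    printf("tap, reinject: %d\n", (int)tee_transit(&st, LEFT, true));
    return 0;
}
```

The model makes the trade-off visible: once the program detaches, traffic flows through uninspected, so this design suits monitoring rather than enforcement.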