From owner-freebsd-hackers@FreeBSD.ORG Thu Aug 16 08:40:26 2007 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2DC4316A417 for ; Thu, 16 Aug 2007 08:40:26 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outA.internet-mail-service.net (outA.internet-mail-service.net [216.240.47.224]) by mx1.freebsd.org (Postfix) with ESMTP id 1AA3E13C45A for ; Thu, 16 Aug 2007 08:40:26 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Thu, 16 Aug 2007 01:40:25 -0700 Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 09311125FEA; Thu, 16 Aug 2007 01:40:25 -0700 (PDT) Message-ID: <46C40D7C.5010207@elischer.org> Date: Thu, 16 Aug 2007 01:40:28 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070728) MIME-Version: 1.0 To: Eric Anderson References: <46C3B9A4.4000304@freebsd.org> In-Reply-To: <46C3B9A4.4000304@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org Subject: Re: Modifying bridged traffic X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2007 08:40:26 -0000 Eric Anderson wrote: > What is the easiest way to play with modifying data in-transit within an > ethernet bridge? > > For instance, say I have something like this: > > [BOX 1] <----> [ BOX 2 ] <----> [ BOX 3 ] > > And BOX 2 is a FreeBSD box with bridging enabled between two ethernet > interfaces, how can I parse/modify the ethernet frames as they pass > through? a netgraph bridge can do that (you can hook two ng_bridges together and capture all the packets that flow between them... There are also some patches that allow divert sockets to be attached to a bridging ipfw firewall. > > Eric > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"