From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 10 05:04:32 2005
Date: Tue, 9 Aug 2005 21:41:24 -0700
From: John-Mark Gurney
To: Minh Tran
Cc: freebsd-hackers@freebsd.org
Subject: Re: Kernel code of reseting/ignoring tcp SYN packets
Message-ID: <20050810044124.GE62369@funkthat.com>
List-Id: Technical Discussions relating to FreeBSD

Minh Tran wrote this message on Sat, Aug 06, 2005 at 21:42 +1000:
> I was looking around for the files of Kernel code where SYN messages are sent,
> so we can simply inject some code to send back a reset message or ignore the SYN requests.

You should probably simply look at ipfw... you can match outgoing syn
requests with something like:

    ipfw add deny ip from any to any out setup

> I am having a bit of trouble in finding out the way of injecting code in the kernel to deal with SYN packets.
> I am thinking of using ipfw to either reset or drop SYN packets.
>
> Would anyone have some hints on the clean way of injecting some code to deal with SYN packets
> or could you give me some ideas on which files I should look at? I really appreciate that.
> I saw some promising files in src/sys/netinet but they are not all clear in my mind.

The file that does the sending of SYN packets is sys/netinet/tcp_output.c
in the function tcp_output... but I'd highly recommend you look at ipfw
or divert sockets...

-- 
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
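
Added example, not part of the original message or of FreeBSD's code: the per-packet test a divert-socket reader could apply to decide whether a raw IPv4 packet is a TCP connection setup, using the same condition as ipfw's "setup" option (SYN set, ACK clear). The function name, verdict names and sample packets are hypothetical and constructed for illustration; the code is portable C and uses no FreeBSD headers.

```c
#include <stddef.h>
#include <stdint.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

enum verdict { MALFORMED = -1, PASS = 0, SETUP = 1 };

/* Constructed sample packets (only the bytes the classifier reads are set). */
static const uint8_t syn_pkt[40]      = { [0] = 0x45, [9] = 6,  [33] = TH_SYN };
static const uint8_t synack_pkt[40]   = { [0] = 0x45, [9] = 6,  [33] = TH_SYN | TH_ACK };
static const uint8_t opts_syn_pkt[44] = { [0] = 0x46, [9] = 6,  [37] = TH_SYN };
static const uint8_t frag_pkt[40]     = { [0] = 0x45, [7] = 1, [9] = 6, [33] = TH_SYN };
static const uint8_t udp_pkt[40]      = { [0] = 0x45, [9] = 17, [33] = TH_SYN };

/* Classify a raw IPv4 packet: SETUP when it is TCP with SYN set and ACK
 * clear, PASS for anything else that parses, MALFORMED when the headers
 * are truncated or inconsistent. */
enum verdict classify_setup(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return MALFORMED;
    /* IHL counts 32-bit words; IP options push the TCP header further out. */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return MALFORMED;
    if (pkt[9] != 6)                 /* protocol field: 6 is TCP */
        return PASS;
    /* A fragment with a non-zero offset carries no TCP header. */
    uint16_t frag = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if ((frag & 0x1fff) != 0)
        return PASS;
    if (len < ihl + 14)              /* flags byte is at TCP offset 13 */
        return MALFORMED;
    uint8_t flags = pkt[ihl + 13];
    return ((flags & (TH_SYN | TH_ACK)) == TH_SYN) ? SETUP : PASS;
}

int main(void)
{
    /* Exit status 0 when the constructed SYN is recognised as a setup. */
    return classify_setup(syn_pkt, sizeof syn_pkt) == SETUP ? 0 : 1;
}
```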