Date: Thu, 20 Mar 2008 10:57:39 +0000 From: "Alireza Torabi" <alireza.torabi@gmail.com> To: freebsd-net@freebsd.org Cc: vadim_nuclight@mail.ru Subject: Re: bpf packet capture and SOCK_STREAM socket redirects... Message-ID: <cffd8c580803200357l686d6e40qb49b3ecadb734151@mail.gmail.com> In-Reply-To: <slrnfu4g5d.1b5e.vadim_nuclight@hostel.avtf.net> References: <cffd8c580803192006g4045258bxcf8fa10b322a640@mail.gmail.com> <cffd8c580803200243u4465889m197d2a7ca6d0fff7@mail.gmail.com> <slrnfu4g5d.1b5e.vadim_nuclight@hostel.avtf.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for reply. That's sort of the problem. I've got a data link capture of the packet (bpf) and let say I redirect this packet to a SOCK_STREAM on another machine and the whole thing will work fine (OK after rewritting some mac and ip and checksums...). I just need to do this on the SOCK_STREAM of the same machine. If I try to put it in another way: Is it possible to do a bpf write of a packet that can be seen by the interface the bpf is bound to? This means that the interface does it's normal work and the packet will be deliverd to SOCK_STREAM bound to it. A On 3/20/08, Vadim Goncharov <vadim_nuclight@mail.ru> wrote: > Hi Alireza Torabi! > > On Thu, 20 Mar 2008 09:43:52 +0000; Alireza Torabi wrote about 'bpf packet capture and SOCK_STREAM socket redirects...': > > > Is it possible to redirect/send/divert a bpf packet capture of one > > interface to a listening tcp socket on another interface of the same > > machine? > > Here is my problem: > > I'm capturing packets on one interface but for some specific tcp > > packets let's say from host A to host B on port P, I want to hijack > > the packet and send it to a listening tcp socket on the other > > interface and reply an "Access Denied" message. > > > I'd like to use the tcp socket on the other interface as it's not > > possible to communicate over the interface that's doing the packet > > capture and I don't want to invent the wheel by doing all the tcp/tcb > > states hence using a tcp socket. > > But if that's a middle of connection, how would you do? Kernel sockets assume > they've acted in a conversation from the very beginning SYN's, so if you > redirect such packet, socket will not understand it. > > If you yopu want to simply close/reset connection, however, this can be done > somehow. > > -- > WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru > [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cffd8c580803200357l686d6e40qb49b3ecadb734151>