Date: Sun, 11 Jun 2006 14:52:05 +0200
From: Max Laier <max@love2party.net>
To: "Shaun Colley" <shaun@rsc.cx>
Cc: freebsd-net@freebsd.org
Subject: Re: Unexpected behavior after altering inetsw[] switch table
Message-ID: <200606111452.17556.max@love2party.net>
In-Reply-To: <52332.81.107.58.115.1150028941.squirrel@webmail.rsc.cx>
References: <52706.81.107.58.115.1149986191.squirrel@webmail.rsc.cx> <200606111308.28468.max@love2party.net> <52332.81.107.58.115.1150028941.squirrel@webmail.rsc.cx>

On Sunday 11 June 2006 14:29, Shaun Colley wrote:
> Hi Max & group,
>
> > As you can see in netinet/in_proto.c, tcp does not use pr_output, but
> > calls tcp_output() directly where needed. Depending on what you want to
> > achieve it might be enough to hack up tcp_usr_send() and replace
> > tcp_usrreqs.pru_send instead. Replacing tcp_output() is not easily
> > possible. You could start with telling us what you *really* want to do so
> > we can point you to a workable option.
>
> Right, I'll start by telling you what I'm actually trying to achieve.
> Every time an IP datagram with a TCP header is sent, I want to mangle (i.e.
> modify) part of the TCP packet and its payload with 'random' data.
> Although this may sound a bit pointless, I want to do this to implement a
> form of dumb fuzzing, which is a form of stress testing used a lot in
> computer security. Does that make a bit of sense?
>
> So I was attempting to modify the pr_output hook for TCP (which I now know
> isn't possible) and replace it with a ptr to my own hacked tcp_output
> routine.
>
> Can you see a way to do what I'm trying to achieve?

You should tap into the generic IP packet filter hook and modify the packet
from there. Look in netinet/ip_fw_pfil.c or contrib/pf/net/pf_ioctl.c for
examples of how to place a hook in there. The PFIL_OUT hook is what you want
and lets you see every packet sent outbound after the IP header has been
prepended. You will have to do some parsing of the IP header to get to the
TCP part, but ip_fw2.c and pf.c should offer enough information on how to do
that.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
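
The header parsing the reply refers to ("some parsing of the IP header to get to the TCP part"), as an added user-space example that is not part of the original message or of FreeBSD's code. It assumes the packet is one contiguous buffer in wire (network) byte order; `find_tcp`, `struct tcp_span` and `sample_pkt` are hypothetical names, and the sample packet is constructed (its checksums are left at zero).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type: byte offsets into the packet buffer. */
struct tcp_span { size_t tcp_off, payload_off, payload_len; };

/* Constructed sample: 20-byte IPv4 header, 20-byte TCP header, payload "ABCD". */
static const uint8_t sample_pkt[] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 198,51,100,2,                      /* src, dst address */
    0x04,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0,       /* ports, seq, ack */
    0x50,0x18, 0xff,0xff, 0,0, 0,0,               /* offset 5, flags, win, sum, urp */
    'A','B','C','D'
};

/* Find the TCP header and payload of an IPv4 packet held in wire format.
 * Returns 0 on success, -1 when the buffer is not a complete first-fragment
 * IPv4/TCP packet. Every length is checked before the byte it guards is read. */
int find_tcp(const uint8_t *pkt, size_t len, struct tcp_span *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                                /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* header length incl. options */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];  /* ip_len */
    if (ihl < 20 || tot < ihl || tot > len)
        return -1;
    if (pkt[9] != 6)                              /* ip_p must be IPPROTO_TCP */
        return -1;
    if (((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return -1;                                /* later fragment: no TCP header */
    if (tot - ihl < 20)
        return -1;                                /* truncated TCP header */
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4; /* th_off incl. options */
    if (doff < 20 || doff > tot - ihl)
        return -1;
    out->tcp_off = ihl;
    out->payload_off = ihl + doff;
    out->payload_len = tot - ihl - doff;
    return 0;
}

int main(void)
{
    struct tcp_span s;
    if (find_tcp(sample_pkt, sizeof(sample_pkt), &s) == 0)
        printf("tcp@%zu payload@%zu len=%zu\n", s.tcp_off, s.payload_off, s.payload_len);
    return 0;
}
```

Inside a pfil hook the packet arrives as an mbuf chain rather than a flat buffer, so the same bounds checks have to be applied to data that has first been made contiguous.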