FreeBSD Mail Archives

Date:      Mon, 14 Jun 2004 13:28:06 -0400
From:      James Housley <jim@Thehousleys.net>
To:        freebsd-net@FreeBSD.org
Subject:   Re: Using netgraph for filtering/modifing packets
Message-ID:  <40CDE026.3040502@Thehousleys.net>
In-Reply-To: <Pine.BSF.4.21.0406141016280.30464-100000@InterJet.elischer.org>
References:  <Pine.BSF.4.21.0406141016280.30464-100000@InterJet.elischer.org>


[-- Attachment #1 --]
Julian Elischer wrote:
> 
> On Mon, 14 Jun 2004, James Housley wrote:
> 
> 
>>For testing of a product I would like to be able to modify or even drop
>>packets based on their content.  What I have in mind is forcing the
>>packets through a firewall that would redirect all packet to a netgraph
>>node that would either pass unchanged, drop or change the contents to
>>assist in testing some corner cases in the code.
>>
>>1) is this something doable with netgraph, I believe it is.
> 
> 
> yes
> 
> 
> 
>>2) what might be a good place to start?  Have done some searching, but
>>haven't found any example code I thought I could start from.
> 
> 
> What sort of filter do you need?
> 
> you can pass packets to netgraph from ipfw by diverting them and
> openning a divert socket with teh ksocket node..
> 
> Or you can pick them directly from the network interface
> and filter yourself using the 'bpf' node type to select 
> on something.
> or you can use the etf type of node to filter on a particular 
> ethertype..
> 
> there are a lot of options but I don't knw your application enough :-)
> 

I have a product that is connected to a PC via eithernet.  The product 
runs FBSD, but I would likely put another FBSD box in the middle.  I want 
to be able modify packets for good and evil based on the data portion of 
the packet.

For example to ocasionally drop a packet that is acking some command.  Or 
send an ack for a command that was never sent.  Or just change data to be 
invalid.

Then after messing with the data portion put it back in the queue to be 
sent, if it wasn't just dropped.

Jim

-- 
/"\   ASCII Ribbon Campaign  .
\ / - NO HTML/RTF in e-mail  .
  X  - NO Word docs in e-mail .
/ \ -----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
"Eagles may soar, but weasels don't get sucked into jet engines"
     -- Anon

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
��	#0��0�U���0
	*�H��
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
040131191100Z
050130191100Z0^10UHousley10U*James10U
James Housley1"0 	*�H��
	jim@thehousleys.net0�"0
	*�H��
�0�
����%k�׈7o_t�g�?@<��_P.�E�h���;�_{)SӻNKH)��'�M�(��W_��w%�ވ,UnJ�13{���㎊�����t�	[���l��B��g��]������Ѣ���bk�KZ�3�O��X�m����uq2�$�=d8ݨi���ܠc��[�)��"(�V��ln嗛x�RE%H��%�'��zm6������;!�ni�j0$�c����`
�w�ӁX	ᝐ����C��s��00.0U0�jim@thehousleys.net0U�00
	*�H��
����}N�����r��x�4Ae+d��)?�O}�i�bq�W��SV���َUր���0���Q�j��L���*���m$�A
"Vs�̱���8~�`��0e�&�q�$�5���]%�ړN0��0�U���0
	*�H��
0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0
040131191100Z
050130191100Z0^10UHousley10U*James10U
James Housley1"0 	*�H��
	jim@thehousleys.net0�"0
	*�H��
�0�
����%k�׈7o_t�g�?@<��_P.�E�h���;�_{)SӻNKH)��'�M�(��W_��w%�ވ,UnJ�13{���㎊�����t�	[���l��B��g��]������Ѣ���bk�KZ�3�O��X�m����uq2�$�=d8ݨi���ܠc��[�)��"(�V��ln嗛x�RE%H��%�'��zm6������;!�ni�j0$�c����`
�w�ӁX	ᝐ����C��s��00.0U0�jim@thehousleys.net0U�00
	*�H��
����}N�����r��x�4Ae+d��)?�O}�i�bq�W��SV���َUր���0���Q�j��L���*���m$�A
"Vs�̱���8~�`��0e�&�q�$�5���]%�ړN0�?0���
0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
030717000000Z
130716235959Z0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA0��0
	*�H��
��0����Ħ<UsU�N�ʙZh�up��������[�v�:a�Q���P
0�cZ,�p����+�Z�?qV˯<���6$*�+��w=�+��>�@�dק���e��*T�H���<a@dr`�����0��0U�0�0CU<0:08�6�4�2http://crl.thawte.com/ThawtePersonalFreemailCA.crl0U0)U"0 �010UPrivateLabel2-1380
	*�H��
��H��P��.�
�f�g�����C���L!��6�-�6/��P �p<���ab��:~�����t�%P�b��'qW%�ݩ�9�� Oe_�������N���4�[5Mw�V!x��!5�$��F�]_eO1�;0�70i0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA��0	+���0	*�H��
	1	*�H��
0	*�H��
	1
040614172807Z0#	*�H��
	14"j��h*�DR�_(�}H0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0x	+�71k0i0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA��0z*�H��
	1k�i0b10	UZA1%0#U
Thawte Consulting (Pty) Ltd.1,0*U#Thawte Personal Freemail Issuing CA��0
	*�H��
�<N�w�
8!
i��|�#"��=<�Y��6)�(t�hl�$��T�eE�։ZHR���dx�G[�U�l���EA}�=�aq!e'΀O�pl�k>���W4�E�~^^�M�P~mA��ǂ�:ah�E�H}P�v]�/o��w]�yw)��(�'�o7M�HI�C,�x��S���[OSI����(���A��Mvl�Y
�V����U�������e�Wb�M�����1�������QĒ�/��/�ɒ�

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40CDE026.3040502>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation