From owner-freebsd-net@FreeBSD.ORG  Fri Mar 21 11:02:06 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 926761065670
	for <freebsd-net@freebsd.org>; Fri, 21 Mar 2008 11:02:06 +0000 (UTC)
	(envelope-from alireza.torabi@gmail.com)
Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.191])
	by mx1.freebsd.org (Postfix) with ESMTP id 67E888FC17
	for <freebsd-net@freebsd.org>; Fri, 21 Mar 2008 11:02:05 +0000 (UTC)
	(envelope-from alireza.torabi@gmail.com)
Received: by rv-out-0910.google.com with SMTP id g13so842057rvb.43
	for <freebsd-net@freebsd.org>; Fri, 21 Mar 2008 04:02:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	bh=9Oku3XmKKWs1r7DZ3aju9OhMZcfnTaP5y170d/p71I0=;
	b=bNwMFcwB0Qec02urIZTTd9JmVzc2sjibrRkxJWMTp0VAbWezEX3sc66JcaCqnR5hR+zV2enNoqgO66k0aM4shJhLgG1eCMXgj+uAl8eKIdNesnycJ76iLKNsMmsWjdYUB13/UIt5AO+AvNoCikQ2+foLzgnCEoXg+uS9TW7oF7I=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=sBqTcUStdne9kw+mAA6H9akgsV02F/kRJ/b1ODwzSC3mJad7L/fDk7e8EGAMSfWNZY0KHUYx4bDIm898jMpQ35QwzhnEI93Pbkxxi479JyR8qlzkqC4o5I84zU6gnag5jEFDpqUv6zBcn7U2GFD6vZcyELERBobP8rumlHCcX9I=
Received: by 10.141.178.5 with SMTP id f5mr1234242rvp.112.1206097325343;
	Fri, 21 Mar 2008 04:02:05 -0700 (PDT)
Received: by 10.140.148.10 with HTTP; Fri, 21 Mar 2008 04:02:05 -0700 (PDT)
Message-ID: <cffd8c580803210402j7c3c0900h4e8f486be0c325c@mail.gmail.com>
Date: Fri, 21 Mar 2008 11:02:05 +0000
From: "Alireza Torabi" <alireza.torabi@gmail.com>
To: "Peter Jeremy" <peterjeremy@optushome.com.au>
In-Reply-To: <20080321063517.GK85901@server.vk2pj.dyndns.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <cffd8c580803192006g4045258bxcf8fa10b322a640@mail.gmail.com>
	<cffd8c580803200243u4465889m197d2a7ca6d0fff7@mail.gmail.com>
	<slrnfu4g5d.1b5e.vadim_nuclight@hostel.avtf.net>
	<cffd8c580803200357l686d6e40qb49b3ecadb734151@mail.gmail.com>
	<slrnfu4hm4.1b5e.vadim_nuclight@hostel.avtf.net>
	<cffd8c580803200427u62d8d3b9q208364a8a96de7ba@mail.gmail.com>
	<20080321063517.GK85901@server.vk2pj.dyndns.org>
Cc: freebsd-net@freebsd.org
Subject: Re: bpf packet capture and SOCK_STREAM socket redirects...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2008 11:02:06 -0000

On Fri, Mar 21, 2008 at 6:35 AM, Peter Jeremy
<peterjeremy@optushome.com.au> wrote:
> On Thu, Mar 20, 2008 at 11:27:53AM +0000, Alireza Torabi wrote:
>  >Imagine this:
>  >
>  >           | (1)
>  >     packets
>  >           |                     | (4)
>  >        [nic1]             [nic2]
>  >         bpf             SOCK_STREAM
>  >          |  (2)                |
>  >              [FreeBSD] (3)
>  >
>  >1) all user traffic are being monitored
>  >2) bpf on [nic] is capturing these packets
>  >3) after processing we know a connection is about to be established from A to B
>  >
>  >NOW:
>  >4) I want to deliver this packet to the socket on [nic2]
>  >and as this is a tcp socket it'll take care of it from there
>  >(my code here for this sockets sends and arbitary data to A making it
>  >think it came from B)
>
>  Have a look at divert(4).  I suspect it comes closest to what you want.
>
>  --
>  Peter Jeremy
>  Please excuse any delays as the result of my ISP's inability to implement
>  an MTA that is either RFC2821-compliant or matches their claimed behaviour.
>

Yes. It sounds promising. I was reading natd and planning to read ipfw
source interestingly!
Thanks

Alireza