From: "Alireza Torabi"
To: freebsd-net@freebsd.org
Date: Sat, 22 Mar 2008 01:25:03 +0000
Subject: bpf packet capture and SOCK_STREAM socket redirects...

On Fri, Mar 21, 2008 at 6:16 PM, Julian Elischer wrote:
>
> Alireza Torabi wrote:
> > On Fri, Mar 21, 2008 at 6:35 AM, Peter Jeremy wrote:
> >> On Thu, Mar 20, 2008 at 11:27:53AM +0000, Alireza Torabi wrote:
> >> >Imagine this:
> >> >
> >> >         | (1)
> >> >      packets
> >> >         |               | (4)
> >> >      [nic1]          [nic2]
> >> >       bpf          SOCK_STREAM
> >> >         | (2)           |
> >> >  ---------------------------------------
> >> >               [FreeBSD] (3)
> >> >
> >> >1) all user traffic are being monitored
> >> >2) bpf on [nic] is capturing these packets
> >> >3) after processing we know a connection is about to be established from A to B
> >> >
> >> >NOW:
> >> >4) I want to deliver this packet to the socket on [nic2]
> >> >and as this is a tcp socket it'll take care of it from there
> >> >(my code here for this sockets sends and arbitrary data to A making it
> >> >think it came from B)
> >>
> >> Have a look at divert(4). I suspect it comes closest to what you want.
> >>
> >> --
> >> Peter Jeremy
> >> Please excuse any delays as the result of my ISP's inability to implement
> >> an MTA that is either RFC2821-compliant or matches their claimed behaviour.
> >>
> >
> > Yes. It sounds promising. I was reading natd and planning to read ipfw
> > source interestingly!
>
> also I think you may want the 'fwd' call in ipfw...
>

I won't be using ipfw(8) at all as this is monitoring a copy of all
the packets flowing through a core switch on a span/rmon 'ed switch
port.

> I don't quite understand your question..
> (despite the picture)
> where is A and where is B?
>

As I say I can only they a copy of these hosts' traffic over an
rmon/span 'ed (Cisco terms) switch port.

> and why 2 nics?

[nic1] is connected to above switch port and is bpf ing all the
packets (promisc) and [nic2] has its own IP address and connected to a
normal switch port, hence can send and receive data, i.e. talk to A or B.

>
> User traffic where?
> on a switch?
> coming in and out of this machine?

bpf is reading all the incoming packets coming to [nic1] off.

>
> you need to define a little more of the picture..
>
> Julian

btw, are you the Julian netgraph(8)?

> >
> > Thanks
> >
> > Alireza