From owner-freebsd-hackers  Thu May 21 17:40:58 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA13131
          for freebsd-hackers-outgoing; Thu, 21 May 1998 17:40:58 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from antipodes.cdrom.com (castles145.castles.com [208.214.165.145])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA12935
          for <hackers@FreeBSD.ORG>; Thu, 21 May 1998 17:40:14 -0700 (PDT)
          (envelope-from mike@antipodes.cdrom.com)
Received: from antipodes.cdrom.com (localhost [127.0.0.1])
	by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id QAA05440;
	Thu, 21 May 1998 16:36:19 -0700 (PDT)
Message-Id: <199805212336.QAA05440@antipodes.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: "L.C." <lc001@yahoo.com>
cc: hackers@FreeBSD.ORG
Subject: Re: Questions about Packet Filter 
In-reply-to: Your message of "Thu, 21 May 1998 11:06:13 PDT."
             <19980521180613.19279.rocketmail@send1d.yahoomail.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 21 May 1998 16:36:19 -0700
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Many thanks to all the knowledgeable people for the valuable
> information. I will read the book you mentioned, try the methods you
> suggested and do more research on these.
> 
> Ever developed the drivers about two years ago to intercept the
> packages in the link layer(NDIS in Windows...) and just finished a
> project to intercept the data stream in the socket level(LSP in
> WinSock2)I need to port all these Windows codes to possible UNIX
> platforms. I've done some UNIX programming in both kernel and
> application levels before but never played BPF or DLPI rationales. I
> do have further questions:
> 
> 1. Are the ipfilter tools using divert() function that Mike and Dan
> mentioned available in somewhere? 

ipfilter is Darren Reed's in-kernel firewall product.

divert(4) is a FreeBSD-native feature.  It is not, to the best of my
knowledge, emulated by anything else.

> 2. So, there is no any way, tool, or utility can intercept the data
> flowing in the socket level(like LSP in WinSock2)? Any plan about this?

Under FreeBSD, divert(4) is your friend.  Others have made suggestions 
for other systems.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message