From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 28 09:22:33 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B183516A41C for ; Tue, 28 Jun 2005 09:22:33 +0000 (GMT) (envelope-from cole@opteqint.net) Received: from kalypso.opteqint.net (kalypso.opteqint.net [160.124.112.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6B1C43D1D for ; Tue, 28 Jun 2005 09:22:32 +0000 (GMT) (envelope-from cole@opteqint.net) Received: from 196-47-3-224.access.uunet.co.za ([196.47.3.224] helo=deadmind) by kalypso.opteqint.net with esmtpsa (TLSv1:RC4-MD5:128) (Exim 4.43 (FreeBSD)) id 1DnCIQ-000JJ9-0y; Tue, 28 Jun 2005 11:22:30 +0200 Message-ID: <001301c57bc3$5608bea0$4206000a@deadmind> From: "Cole" To: "Julian Elischer" References: <20050627160635.9kkhi57rk88w848k@mail.opteqint.net> <42C09C33.2050403@elischer.org> Date: Tue, 28 Jun 2005 11:25:27 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4922.1500 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4939.300 X-Spam-Score: -100.0 (---------------------------------------------------) X-Spam-Report: Spam detection software, running on the system "kalypso.opteqint.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi Isnt pcap meant to be non-intrusive, as in it only gets sent a copy of the packet from the kernel space to userspace? And doesnt actually intercept anything? Thanks for the other suggestions, but im trying to stay away from divert sockets, a friend also suggested libdnet, so I'll look into that today, but if you have any further ideas, please let me know, thanks [...] Content analysis details: (-100.0 points, 4.2 required) pts rule name description ---- ---------------------- -------------------------------------------------- -100 USER_IN_WHITELIST From: address is in the user's white-list Cc: freebsd-hackers@freebsd.org Subject: Re: Packet interception / Mangling X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Cole List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jun 2005 09:22:34 -0000 Hi Isnt pcap meant to be non-intrusive, as in it only gets sent a copy of the packet from the kernel space to userspace? And doesnt actually intercept anything? Thanks for the other suggestions, but im trying to stay away from divert sockets, a friend also suggested libdnet, so I'll look into that today, but if you have any further ideas, please let me know, thanks Regards /Cole ----- Original Message ----- From: "Julian Elischer" To: Cc: Sent: Tuesday, June 28, 2005 2:39 AM Subject: Re: Packet interception / Mangling > > > cole@opteqint.net wrote: > > >Hi > > > >I wanted to know if there are any libraries similar to pcap to intercept > >packets/mangle packets. > > > > > > how about pcap? :-) > > There are also two other mechinisms.. > "divert sockets" (man divert) which is used in conjuction with teh ipfw > packet fileter > and netgraph (man 4 netgraph, man ngctl, man ng_socket, man ng_ether) > which can do a lot of interesting thins. > > >What im trying to do specifically is like link compression, and I would then > >need to check if the packet is then compressed and decompress, and so forth and > >so on. > > > >I would like to avoid having to use a ipfw divert to a port, and specifically > >check all traffic to the box using a library function or some kind of hook into > >the kernel. > > > >The FreeBSD version I will be using is 4.9 or 4.11, and would like to know if > >there are any such routines available, and whether it could be a userland > >daemon, or if i am going to need to write a kernel loadable module? > > > >If anyone has any ideas or suggestions, or knows anything about this, it would > >be a great help. > > > >Regards > >/Cole > > > > > >_______________________________________________ > >freebsd-hackers@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > >