Re: bpf packet capture and SOCK_STREAM socket redirects...

Thanks for reply.

That's sort of the problem. I've got a data link capture of the packet
(bpf) and let say I redirect this packet to a SOCK_STREAM on another
machine and the whole thing will work fine (OK after rewritting some
mac and ip and checksums...).

I just need to do this on the SOCK_STREAM of the same machine. If I
try to put it in another way:

Is it possible to do a bpf write of a packet that can be seen by the
interface the bpf is bound to?

This means that the interface does it's normal work and the packet
will be deliverd to SOCK_STREAM bound to it.

A


On 3/20/08, Vadim Goncharov <vadim_nuclight@xxxxxxx> wrote:
Hi Alireza Torabi!

On Thu, 20 Mar 2008 09:43:52 +0000; Alireza Torabi wrote about 'bpf packet capture and SOCK_STREAM socket redirects...':

Is it possible to redirect/send/divert a bpf packet capture of one
interface to a listening tcp socket on another interface of the same
machine?
Here is my problem:
I'm capturing packets on one interface but for some specific tcp
packets let's say from host A to host B on port P, I want to hijack
the packet and send it to a listening tcp socket on the other
interface and reply an "Access Denied" message.

I'd like to use the tcp socket on the other interface as it's not
possible to communicate over the interface that's doing the packet
capture and I don't want to invent the wheel by doing all the tcp/tcb
states hence using a tcp socket.

But if that's a middle of connection, how would you do? Kernel sockets assume
they've acted in a conversation from the very beginning SYN's, so if you
redirect such packet, socket will not understand it.

If you yopu want to simply close/reset connection, however, this can be done
somehow.

--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: bpf packet capture and SOCK_STREAM socket redirects...
    ... interface to a listening tcp socket on another interface of the same ... I'm capturing packets on one interface but for some specific tcp ... possible to communicate over the interface that's doing the packet ...
    (freebsd-net)
  • RE: Intrusion Prevention requirements document
    ... The tools consider one interface as "client" and other ... Packet 1 is first sent out on client interface. ... > my previous company was Blade Software where I developed IDS Informer ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • Re: Pix 515 VLAN NAT0 issues
    ... that ACL will be exempt from NAT. ... the packet at the time the PIX receives the packet. ... ACL applied to an inside interface would have the internal IPs as ... accepted as having a translation and satisfying the security policies. ...
    (comp.dcom.sys.cisco)
  • bpf packet capture and SOCK_STREAM socket redirects...
    ... Is it possible to redirect/send/divert a bpf packet capture of one ... interface to a listening tcp socket on another interface of the same ...
    (freebsd-net)
  • bpf packet capture and SOCK_STREAM socket redirects...
    ... Is it possible to redirect/send/divert a bpf packet capture of one ... interface to a listening tcp socket on another interface of the same ...
    (freebsd-questions)