Re: bpf packet capture and SOCK_STREAM socket redirects...



Imagine this:

   | (1)
packets
   |            | (4)
[nic1]       [nic2]
  bpf      SOCK_STREAM
   | (2)        |
      [FreeBSD] (3)

1) all user traffic is being monitored
2) bpf on [nic] is capturing these packets
3) after processing we know a connection is about to be established from A to B

NOW:
4) I want to deliver this packet to the socket on [nic2]
and as this is a tcp socket it'll take care of it from there
(my code here for this socket sends arbitrary data to A making it
think it came from B)

hope this helps.



On 3/20/08, Vadim Goncharov <vadim_nuclight@xxxxxxx> wrote:
> Hi Alireza Torabi!
>
> On Thu, 20 Mar 2008 10:57:39 +0000; Alireza Torabi wrote about 'Re: bpf packet capture and SOCK_STREAM socket redirects...':
>
> > That's sort of the problem. I've got a data link capture of the packet
> > (bpf) and let's say I redirect this packet to a SOCK_STREAM on another
> > machine and the whole thing will work fine (OK after rewriting some
> > mac and ip and checksums...).
> >
> > I just need to do this on the SOCK_STREAM of the same machine. If I
> > try to put it in another way:
> >
> > Is it possible to do a bpf write of a packet that can be seen by the
> > interface the bpf is bound to?
>
> AFAIK, no.
>
> > This means that the interface does its normal work and the packet
> > will be delivered to SOCK_STREAM bound to it.
>
> What exactly is your task? Maybe it is worth considering some other ways if
> additional details are known.
>
> --
> WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
> [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"



