Date: Mon, 14 Jun 2004 10:38:27 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: James Housley <jim@Thehousleys.net>
Cc: freebsd-net@FreeBSD.org
Subject: Re: Using netgraph for filtering/modifing packets.
Message-ID: <Pine.BSF.4.21.0406141032110.30464-100000@InterJet.elischer.org>
In-Reply-To: <40CDE026.3040502@Thehousleys.net>

On Mon, 14 Jun 2004, James Housley wrote:

>
> I have a product that is connected to a PC via ethernet.  The product
> runs FBSD, but I would likely put another FBSD box in the middle.  I want
> to be able to modify packets for good and evil based on the data portion of
> the packet.
>
> For example to occasionally drop a packet that is acking some command.  Or
> send an ack for a command that was never sent.  Or just change data to be
> invalid.
>
> Then after messing with the data portion put it back in the queue to be
> sent, if it wasn't just dropped.
>
> Jim
>

Is this product running over..

1/ your own low-level protocol
   use netgraph etf node to divert packets to userland for
   processing by a program (using 'socket' node)
   example: nghook
or
2/ IP?
  2a/ UDP?
or
  2b/ some proprietary IP protocol?
   use ipfw and 'divert' to divert to a userland program for manipulation
   example: natd or tcpmssd (in ports/net)
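
The ipfw 'divert' route suggested in the reply above, as an added example that is not part of the original message or of natd/tcpmssd: a fault-injection filter for a test bench that reads diverted packets from a divert(4) socket and reinjects them, withholding every Nth UDP datagram whose payload starts with a marker. The port number, the "ACK" marker, the drop interval and the function names are assumptions made for illustration; an ipfw divert rule must point at the same port.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define DIVERT_PORT 8668  /* assumption: must match the port in the ipfw divert rule */
#define DROP_EVERY  5     /* assumption: withhold every 5th matching datagram */

/* Locate the UDP payload of an unfragmented IPv4 datagram; NULL if malformed. */
const uint8_t *udp_payload(const uint8_t *p, size_t len, size_t *plen)
{
    if (len < 20 || (p[0] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;           /* IP header length */
    size_t tot = ((size_t)p[2] << 8) | p[3];          /* IP total length */
    if (ihl < 20 || tot > len || tot < ihl + 8) return NULL;
    if (p[9] != 17) return NULL;                      /* protocol is not UDP */
    if ((((p[6] & 0x3f) << 8) | p[7]) != 0) return NULL; /* MF set or offset != 0 */
    size_t ulen = ((size_t)p[ihl + 4] << 8) | p[ihl + 5];
    if (ulen < 8 || ihl + ulen > tot) return NULL;    /* UDP length must fit */
    *plen = ulen - 8;
    return p + ihl + 8;
}

/* 1 = reinject unchanged, 0 = drop. *seen counts datagrams carrying the marker. */
int verdict(const uint8_t *p, size_t len, unsigned *seen)
{
    size_t n;
    const uint8_t *d = udp_payload(p, len, &n);
    if (d == NULL || n < 3 || memcmp(d, "ACK", 3) != 0) return 1; /* hypothetical marker */
    return (++*seen % DROP_EVERY) != 0;
}

int main(void)
{
#ifdef IPPROTO_DIVERT   /* defined on FreeBSD, see divert(4) */
    static uint8_t buf[65535];
    unsigned seen = 0;
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) perror("divert");
    else for (;;) {
        struct sockaddr_in from; socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) break;
        if (verdict(buf, (size_t)n, &seen))  /* the same sockaddr keeps the direction */
            sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
    }
#endif
    return 1;  /* reached on socket error, or at once where divert(4) is absent */
}
```

Anything that fails the bounds checks is reinjected untouched, so a malformed or fragmented packet cannot be misread as a match.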