Date: Fri, 12 Jan 96 18:00:04 -0800
From: "Sean T. Lamont" <lamont@abstractsoft.com>
To: questions@freebsd.org
Subject: Question for someone with FreeBSD kernel familiarity:
Message-ID: <9601130200.AA16017@zebu.serv.net>

I have need for my FreeBSD system to monitor traffic over the local ethernet for auditing purposes, not necessarily just towards the FreeBSD system but towards other systems on the local network.

What I think I would like to do is make a small modification to the kernel to compare incoming and outgoing traffic against a fixed IP#; if it matches, increase a kernel-level buffer variable to record the total size. I think this can be done in ip_output and ip_input (Don't care about icmp and others; really only care about TCP.), but I'm not completely sure where to look.

If you could give me some hints about where the packet destined for the remote system would be seen within the kernel, how to find its source / destination addresses, and total size of the packet, this would be extremely useful to me. Alternatively, if someone has done this before please let me know.

Sean T. Lamont, President / CEO, Abstract Software
(ServNet) - Internet access * WWW hosting * TCP/IP * UNIX * NEXTSTEP * WWW Development -
email: lamont@abstractsoft.com WWW: http://www.serv.net
"...There's no moral, it's just a lot of stuff that happens". - H. Simpson
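
The accounting described in the message above, as an added example that is not part of the original post and is not FreeBSD kernel code: a user-space C function that takes a raw IPv4 packet, keeps only TCP, compares source and destination against one watched address, and adds the IP total length to a per-direction counter. The names `audit_counter` and `audit_packet`, the watched address and the sample packets are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; user-space sketch, not FreeBSD kernel code. */
struct audit_counter {
    uint32_t watched;    /* IPv4 address to audit, host byte order */
    uint64_t bytes_to;   /* IP total length of TCP packets addressed to it */
    uint64_t bytes_from; /* IP total length of TCP packets sent by it */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* pkt points at the IPv4 header; caplen is how many bytes were captured.
 * Returns 1 if counted, 0 if ignored, -1 if malformed or truncated. */
int audit_packet(struct audit_counter *c, const uint8_t *pkt, size_t caplen) {
    if (caplen < 20 || (pkt[0] >> 4) != 4) return -1;   /* not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;          /* header length */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];      /* total length field */
    if (hlen < 20 || total < hlen || total > caplen) return -1;
    if (pkt[9] != 6) return 0;                          /* protocol 6 = TCP */
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    int hit = 0;
    if (src == c->watched) { c->bytes_from += total; hit = 1; }
    if (dst == c->watched) { c->bytes_to += total; hit = 1; }
    return hit;
}

/* Constructed samples (checksums left zero; they are not verified here). */
#define WATCHED 0xC0000263u /* 192.0.2.99 */
static const uint8_t to_host[40]   = {0x45,0,0,40, 0,0,0,0, 64,6,0,0,  192,0,2,10, 192,0,2,99};
static const uint8_t from_host[60] = {0x45,0,0,60, 0,0,0,0, 64,6,0,0,  192,0,2,99, 192,0,2,10};
static const uint8_t udp_pkt[28]   = {0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,0,2,10, 192,0,2,99};
static const uint8_t other[40]     = {0x45,0,0,40, 0,0,0,0, 64,6,0,0,  192,0,2,10, 192,0,2,20};

int main(void) {
    struct audit_counter c = { WATCHED, 0, 0 };
    audit_packet(&c, to_host, sizeof to_host);
    audit_packet(&c, from_host, sizeof from_host);
    audit_packet(&c, udp_pkt, sizeof udp_pkt);
    audit_packet(&c, other, sizeof other);
    printf("to=%llu from=%llu\n", (unsigned long long)c.bytes_to,
           (unsigned long long)c.bytes_from);
    return 0;
}
```

The counters hold the IP total length, so IP and TCP header bytes are included along with payload.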