Date: Fri, 14 Mar 1997 09:45:03 -0800
From: "John H. Aughey" <jha@freefall.freebsd.org>
To: freebsd-hackers
Subject: Pre/Post processing IP packets
Message-ID: <199703141745.JAA01129@freefall.freebsd.org>

I want to be able to pre-process and post-process IP packets which are received by a network interface or are going out a network interface. Basically I want to be able to look at an IP packet immediately after it's received by an interface, fiddle around with the packet, and then pass the modified packet back to the kernel for further processing. In the same way I want to look at a packet that is going out an interface, fiddle around with the packet, and then pass the modified packet back to the kernel for actual transmission.

This is for some experimental work I want to do with IPSec. I really want all this processing to be done in user land. It looks like the bpf is close, but it appears it's passive rather than active. There is some code written for Linux which runs entirely in kernel mode which frankly scares me, especially if more of the IPSec is implemented.

Does anyone have any suggestions? Originally I was using the tunnel device and would set up static routes which would work if it's being used as a security gateway, but causes problems if you want to have packets IPSec'ed that originate from or are destined to the local host. Overall, it seemed possible, but difficult to use a tunnel device for this.

-John