tcpdump mailing list archives
Re: packet modification
From: Craig Davison <craig () darkcalgary com>
Date: Mon, 3 Nov 2003 23:42:18 -0700 (MST)
On Mon, 3 Nov 2003, John Fastabend wrote:
[...] and the other was to use iptables to drop them and since libpcap captures them before iptables drops them you can retransmit the packets. I cant remember the name of the library to interact with iptables but if you need it email me offline and i'll look it up, i'm in class right now. And if you find a better way let me know.
With netfilter (iptables), all packets with a target of QUEUE are queued by the kernel. You can grab packets from the queue into userspace with a library called libipq, manipulate them however you want, and pass back a verdict of ACCEPT or DROP. libipq comes with iptables. The only good documentation I know of is the libipq man page. There's also a netfilter-devel mailing list. Mr. Abbad is using OpenBSD so this Linux-specific information will be of limited use to him. The only equivalent feature I know of for a BSD is 'divert' sockets in FreeBSD (ipfw 'divert' rule). Anyway, this is all off-topic for this list. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- packet modification Kifah Abbad (Nov 02)
- Re: packet modification John Fastabend (Nov 03)
- Re: packet modification Craig Davison (Nov 03)
- Re[2]: packet modification Kifah Abbad (Nov 04)
- Re: Re[2]: packet modification Mario Lobo (Nov 04)
- Re: packet modification John Fastabend (Nov 03)