tech-net: Re: Custom packet editing

Subject: Re: Custom packet editing
To: NetBSD Tech-Net <tech-net@netbsd.org>
From: Juha-Matti Liukkonen <jml@cubical.fi>
List: tech-net
Date: 05/26/1999 23:03:34

On a related note: assuming I have a software IP proxy (such as diald),
the FreeBSD divert socket would apparently be an optimal routing
solution to get packets out of the kernel for further routing by the
software agent. Binding a SLIP if to a pty works, allowing for normal IP
routing to be used, but it is somewhat kludgy in my opinion. The
IPFilter does not allow snarfing raw IP packets _out_ of the kernel,
unless I'm mistaken?

	- Juha

Ignatios Souvatzis wrote:
> 
> On Wed, May 26, 1999 at 10:11:04AM -0400, Mike Pelley wrote:
> > > For IP packets, you can use IPfilter.
> >
> > I have a unique application where I need to edit the packet before it
> > reaches IPFilter (or at least the ipnat inside of ipfilter).  I use IPFilter
> > to do network address translation from the inside interface to the outside
> > interface, but I need to edit the packets from some machines on the inside
> > before IPFilter sees them, and the packets to some machines on the inside
> > after IPFilter has translated them.
> 
> Just wondering: isn't this just more IPF rules?
>         -is

--                               ____
                Juha Liukkonen  /___/|  Cubical Solutions Ltd
                jml@cubical.fi  |   ||  Tel. +358(0)405280142
                                |___|/