Subject: RE: Capturing/Modifying TCP packets when used as a router.
To: None <tech-net@netbsd.org>
From: Hemant Puri <hemant@neoscale.com>
List: tech-net
Date: 11/27/2001 16:26:20
Hi,

  Checked up the 'pfil' man page. Man page says that one can register a
function for incoming and outgoing packets.

func(void *data, int hlen, struct ifnet *net, int dir, struct mbuf **m)

where
data is the ip data.


Now the question is: can I only see the contents, or can I modify them
also?

It seems that I cannot modify it since there is no way to return the
modified length. Am I missing something?

Thanks
Hemant



-----Original Message-----
From: Hubert Feyrer [mailto:hubert.feyrer@informatik.fh-regensburg.de]
Sent: Tuesday, November 27, 2001 3:56 PM
To: Hemant Puri
Cc: tech-net@netbsd.org
Subject: Re: Capturing/Modifying TCP packets when used as a router.


On Tue, 27 Nov 2001, Hemant Puri wrote:
> I want to use NetBSD as a router and want to capture/modify the TCP
> packets going out. (Something like a firewall functionality with the
> additional ability to modify packets).
>
> Any pointers on how it can be done would be appreciated.

Check out the IPfilter Firewall code that comes with NetBSD; it's located
somewhere in /sys. IPfilter uses the packet filter interface, which might
be of interest too; it's enabled with the kernel option PFIL_HOOKS and
documented in the pfil(9) manpage. There's also the bpf(4) interface that
might be interesting.


 - Hubert (NOT a kernel guru!)

-- 
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup  -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/