Re: packet modification

[Craig Davison <craig () darkcalgary com>]

On Mon, 3 Nov 2003, John Fastabend wrote:

> [...] and the other was to use  iptables to drop
> them and since libpcap captures them before iptables drops them you can
> retransmit the packets.  I cant remember the name of the library to
> interact with iptables but if you need it email me offline and i'll look
> it up, i'm in class right now.  And if you find a better way let me know.

With netfilter (iptables), all packets with a target of QUEUE are queued
by the kernel. You can grab packets from the queue into userspace with a
library called libipq, manipulate them however you want, and pass back a
verdict of ACCEPT or DROP.
libipq comes with iptables. The only good documentation I know of is the
libipq man page. There's also a netfilter-devel mailing list.

Mr. Abbad is using OpenBSD so this Linux-specific information will be of
limited use to him. The only equivalent feature I know of for a BSD
is 'divert' sockets in FreeBSD (ipfw 'divert' rule).

Anyway, this is all off-topic for this list.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe