tcpdump mailing list archives

Re: How does packet capture interact with


From: Aaron Turner <synfinatic () gmail com>
Date: Wed, 23 Sep 2009 23:12:48 -0700

On Wed, Sep 23, 2009 at 2:39 PM, Robert Burgess
<burgess () systems cs cornell edu> wrote:
Or you could consider not using pcap at all. I don't know what your
application is but it's possible you could accomplish it just by
receiving and sending on raw IP sockets. That's also quite portable.

Thanks for this suggestion!  I read a bunch of documentation claiming
it was actually highly nonportable to scare people off, but I was never
totally clear on what features weren't portable.  I will try this approach
and see if it is simpler for this application.  I am, of course, also
still open to other suggestions.

Doesn't sound like you have your requirements fully fleshed out, but
you might want to take a look at the tcpbridge code which is part of
tcpreplay.  It basically does most of what you need:

1. Listens on two interfaces via libpcap
2. Forwards packets between them
3. Filters packets out to prevent replay loops caused by seeing the
packets you send (basically implements a learning bridge where it
learns which MAC addresses live on each segment)

All you'd have to do is add your firewall logic to decide what packets to drop.

And like libpcap, it's BSD licensed.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
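
The loop filter from step 3 of the message above, sketched as an added example (not part of the original post and not tcpbridge's code). The names `bridge_decide`, `IF_A`/`IF_B`, and the sample MAC addresses are hypothetical, and frames are passed in as byte buffers rather than read through libpcap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64
enum { IF_A, IF_B };
enum { DROP, FORWARD };

struct mac_entry { uint8_t mac[6]; int iface; };
static struct mac_entry table[MAX_HOSTS];
static int table_len;

/* Constructed sample frames (Ethernet headers only; MACs are made up). */
static const uint8_t BCAST_FROM_H1[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06};
static const uint8_t H2_TO_H1[14]      = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t H3_TO_H1[14]      = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x03, 0x08,0x00};

/* Interface a MAC was learned on, or -1 if it has not been seen yet. */
static int lookup(const uint8_t *mac) {
    for (int i = 0; i < table_len; i++)
        if (memcmp(table[i].mac, mac, 6) == 0) return table[i].iface;
    return -1;
}

/* Verdict for a frame captured on in_iface (hypothetical helper). */
int bridge_decide(const uint8_t *frame, size_t len, int in_iface) {
    if (len < 14) return DROP;                   /* no full Ethernet header */
    const uint8_t *dst = frame, *src = frame + 6;
    int src_if = lookup(src);
    if (src_if < 0) {
        if (table_len == MAX_HOSTS) return DROP; /* table full: fail closed */
        memcpy(table[table_len].mac, src, 6);    /* learn sender's segment */
        table[table_len++].iface = in_iface;
    } else if (src_if != in_iface) {
        return DROP;  /* sender lives on the other segment: our own injected copy */
    }
    if (!(dst[0] & 1) && lookup(dst) == in_iface)
        return DROP;  /* unicast to a host on this same segment: nothing to bridge */
    /* Firewall logic deciding what else to drop would go here. */
    return FORWARD;
}

int main(void) {
    printf("%d\n", bridge_decide(BCAST_FROM_H1, 14, IF_A)); /* first sighting on A */
    printf("%d\n", bridge_decide(BCAST_FROM_H1, 14, IF_B)); /* echo of our injection on B */
    return 0;
}
```

Entries in this sketch never expire and the table is bounded, so a host that moves segments or a flood of new source addresses ends in drops rather than loops.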