tcpdump mailing list archives

Re: How does packet capture interact with


From: Aaron Turner <synfinatic () gmail com>
Date: Thu, 24 Sep 2009 13:03:50 -0700

On Thu, Sep 24, 2009 at 12:40 PM, Robert Burgess
<burgess () systems cs cornell edu> wrote:
>> As long as the destination IP address of the packets are not of the
>> firewall then you shouldn't need a host-based firewall to drop the
>> packets.
>
> It still has to drop them, though---I think---because I don't want the
> packets forwarded on until I say so.

Assuming you do the forwarding in user space (à la tcpbridge) with
libpcap then it won't be a problem.  If you're doing the forwarding in
the kernel, then you've got a big problem since by the time you read
the packet via libpcap, chances are the kernel has already forwarded
it on.

>> Also, I forgot to mention that on some platforms, libpcap supports
>> only sniffing packets going a certain direction (in or out the
>> interface).  You should use that API when possible as it will improve
>> performance a good deal.
>
> That's pcap_setdirection, yes?  Thanks!

yep.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin