Re: Questions about Packet Filter

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Thu, 21 May 1998 10:10:20 +0200 (MET DST)

Alan Cox wrote:
>
> > Are the BPF devices capable of "intercept" packages passing through
> > them?
>
> There are no BPF 'devices'. 2.1.x allows BPF filters on arbitary sockets
> BPF does not write packets just test them.
>
> > I mean is it possible that after it intercepts the outgoing package it
> > can modify the package contents(e.g. destination port) and inject into
> > NIC? Or, modify the package contents when intercept the incoming
> > packages and poll them back to the higher level protocols or
> > applications?
>
> Not trivially.

But wouldn't you be able to make your application feed the packet that
filtered through the BPF back to the kernel, modified as needed?

There is a kernel/userland network packet interface that I've never
looked into. If worse comes to worse, you'll have to open a pty, and
shove the packet, ppp encapsulated onto that....

Roger.

-- 
If it's there and you can see it, it's REAL      |___R.E.Wolff@BitWizard.nl  |
If it's there and you can't see it, it's TRANSPARENT |  Tel: +31-15-2137555  |
If it's not there and you can see it, it's VIRTUAL   |__FAX:_+31-15-2138217  |
If it's not there and you can't see it, it's GONE! -- Roy Wilks, 1983  |_____|


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu