RE: struct dlil_if_flt_str
RE: struct dlil_if_flt_str
- Subject: RE: struct dlil_if_flt_str
- From: "Carl Smith" <email@hidden>
- Date: Fri, 18 Mar 2005 13:53:45 -0500
- Thread-topic: struct dlil_if_flt_str
After some thought I believe the correct method, for me, is as you
suggested by injecting a new packet by using dlil_input.
What I need some help and/or direction in is how to create a copy and/or
new mbuf.
My plan was to get the data I needed from the original mbuf that I am
capturing, then MFREE()ing the original mbuf, so I do not hold up the
stack. After I have 'manipulated' my data I want to inject this altered
packet back into the stack, ala dlil_input. Being new to UNIX/DARWIN I
am not clear on what portions of the original mbuf I need to keep and
how to copy them into the new mbuf. Of course I know I need the Ethernet
frame held in m_data, but mbuf has a reference to struct ifnet which in
turn is a linked list. So I am confused on how to handle this. I know I
can keep the interface name and some other simple ifnet parameters
around but do I need them? Do I even need to keep any of the ifnet
structure around if I know the interface and family I want to send this
altered mbuf to?
Any help or leads would greatly be appreciated.
Carl
-----Original Message-----
From:
darwin-kernel-bounces+matthieu.kopp=email@hidden
[mailto:darwin-kernel-bounces+matthieu.kopp=email@hidden.
com] On Behalf Of Josh Graessley
Sent: Tuesday, March 15, 2005 5:42 PM
To: Carl Smith
Cc: email@hidden
Subject: Re: struct dlil_if_flt_str
You may want to consider re-injecting the packet after making your
modifications instead of making the modifications and returning. I
can't remember the details, but there is a chance that the demux code
that determines which protocol the packet belongs to may have already
run. Changing the protocol in the header after that point will do no
good.
In addition, you can attach a protocol to the interface and specify
demux descriptors that describe the ethertype you are interested in.
In doing so, you will get all of those packets. You can then modify
them to your hearts content and inject the modified packets using
dlil_input.
-josh
On Mar 15, 2005, at 2:16 PM, Carl Smith wrote:
>> Do you really want to futz with the frame header on the input path?
> Actually Yes. It can be the header retained in the mbuf, but what I am
> doing is looking for a particular frame type, our registered type,
> extracting confidential information encrypted in the packet,
> setting the
> new/replaced frame type, i.e. 0x800 and so on, then passing it up the
> stack. Now if someone or something is doing some kind of header
> filtering or type checking and throwing away unknown packets types,
> I'm
> screwed.
>
> If the later is the case then I need to be lower then a dlil interface
> filter.
>
> If there is a problem with where I have my packet capture/filtering
> setup I would really appreciate any comments to eliminate some 'throw'
> away work.
>
> Thanks
> Carl
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden