site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Thread-index: AcUqAULwTND+D+BgSmOTT5EI+Sg08AB6SPZg Thread-topic: struct dlil_if_flt_str After some thought I believe the correct method, for me, is as you suggested by injecting a new packet by using dlil_input. What I need some help and/or direction in is how to create a copy and/or new mbuf. My plan was to get the data I needed from the original mbuf that I am capturing, then MFREE()ing the original mbuf, so I do not hold up the stack. After I have 'manipulated' my data I want to inject this altered packet back into the stack, ala dlil_input. Being new to UNIX/DARWIN I am not clear on what portions of the original mbuf I need to keep and how to copy them into the new mbuf. Of course I know I need the Ethernet frame held in m_data, but mbuf has a reference to struct ifnet which in turn is a linked list. So I am confused on how to handle this. I know I can keep the interface name and some other simple ifnet parameters around but do I need them? Do I even need to keep any of the ifnet structure around if I know the interface and family I want to send this altered mbuf to? Any help or leads would greatly be appreciated. Carl -----Original Message----- From: darwin-kernel-bounces+matthieu.kopp=centraliens.net@lists.apple.com [mailto:darwin-kernel-bounces+matthieu.kopp=centraliens.net@lists.apple. com] On Behalf Of Josh Graessley Sent: Tuesday, March 15, 2005 5:42 PM To: Carl Smith Cc: darwin-kernel@lists.apple.com Subject: Re: struct dlil_if_flt_str You may want to consider re-injecting the packet after making your modifications instead of making the modifications and returning. I can't remember the details, but there is a chance that the demux code that determines which protocol the packet belongs to may have already run. Changing the protocol in the header after that point will do no good. In addition, you can attach a protocol to the interface and specify demux descriptors that describe the ethertype you are interested in. In doing so, you will get all of those packets. You can then modify them to your hearts content and inject the modified packets using dlil_input. -josh On Mar 15, 2005, at 2:16 PM, Carl Smith wrote:
Do you really want to futz with the frame header on the input path? Actually Yes. It can be the header retained in the mbuf, but what I am doing is looking for a particular frame type, our registered type, extracting confidential information encrypted in the packet, setting the new/replaced frame type, i.e. 0x800 and so on, then passing it up the stack. Now if someone or something is doing some kind of header filtering or type checking and throwing away unknown packets types, I'm screwed.
If the later is the case then I need to be lower then a dlil interface filter.
If there is a problem with where I have my packet capture/filtering setup I would really appreciate any comments to eliminate some 'throw' away work.
Thanks Carl
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com