Intercepting IPv6 ND packets
Intercepting IPv6 ND packets
- Subject: Intercepting IPv6 ND packets
- From: Jonathan Wood <email@hidden>
- Date: Tue, 1 Nov 2005 11:29:35 -0800
I am seeking advice on the best way to go about intercepting IPv6
neighbor discovery packets (i.e. NS, NA, RS, RA, redirect).
I need to intercept these packets, pass them to a user space program
for verification and possible modification, and depending on the
results of the user space processing, either pass them back to the
kernel for delivery or drop them. The interception point should be
between the IP stack and the network device. Outgoing packets should
be generated by the IP stack, intercepted, and either passed on the
the network device or dropped. Incoming packets should be come from
the network device, intercepted, and either passed to the IP stack or
dropped.
Something like ipfw feeding a divert socket would be probably work,
but as far as I can tell divert sockets are not supported for IPv6.
The reason the packets need to be processed in user space is because
the processing involves asymmetric crypto, X509 certificate chain
processing, and lots of ASN.1.
What is the best way to do this in OS X?
Thanks,
Jonathan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden