P.S. According to the little knowledge I have, netfilters decide the fate of the
packet by looking at the header not the data, but I need the data to decide
what to do with the packet.

> Date: Mon, 10 Nov 2008 08:35:01 -0800
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]; [email protected]
> Subject: Re: [Bridge] Modifying All Packets passing through the bridge!
>
> On Mon, 10 Nov 2008 17:02:34 +0500
> Fahim Akhter <[EMAIL PROTECTED]> wrote:
>
> >
> > Thanks a lot for the quick replies.
> >
> > I tried doing it with Bridging Hooks. Rather in the Bridge. I wrote a script which was used to modify the packets if not already modified which was placed in /net/bridge/br_forward.c br_forward() and the packets were listened and encrypted in /net/bridge/br_forward.c should_deliver(). The encryption keys and status were travelling fine. But upon analyzing the packet. On the receiving end using a Windows Based packet Analyzer. I got to know that only ARP broadcast packets were being modified.
> >
> > I found an old code which used kernel 2.4 used for encryption. The encryption was done in /net/bridge/br_input.c br_handle_frame(). I did all the usual stuff there but still no effect; it's still only modifying the ARP packets.
> >
> > The ethernets are running in promiscuous mode, the settings are default and the bridge works fine. Except for the fact it doesn't encrypt.
> >
> > It's taken me a while to get to this point. This being my first linux project. Hope I get a solution which takes me forward from this instead of starting from the start...
> Date: Mon, 10 Nov 2008 15:58:05 +0530
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [Bridge] Modifying All Packets passing through the bridge!
> CC: [email protected]
>
> On Mon, Nov 10, 2008 at 11:57 AM, Fahim Akhter <[EMAIL PROTECTED]> wrote:
> > The Link
> > https://lists.linux-foundation.org/pipermail/bridge/2008-October/006074.html
> > , is about capturing packets and sending to user space. Speed is important
> > in my current scenario. Is there any way I can do everything in kernel
> > specially by hacking or tweaking the already kernel space. Instead of socket
> > programming and capturing packets at ethernet?
>
> That message also talks about the case where userspace will not give
> you enough performance. The thing to do then would be to write a
> network driver which sits on top of a real network device and
> processes the packets before passing it on in either direction. Look
> for the vlan and bonding drivers for examples. Or maybe you could use
> the netfilter hooks in bridging, if your use of this encrypted link is
> restricted to being between bridges.
>
> Use ebtables, and write a netfilter module to do what you want.
> There is no reason to mess with the bridging infrastructure to do this.
>
> Netfilter is the way to do all the kinds of analysis, filtering, and packet
> mangling you might want.
_______________________________________________
Bridge mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/bridge
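
A netfilter hook is handed the whole packet buffer, so a module that wants to act on the data first has to walk the headers to find where the data starts. The following is an added example, not code from this thread or from the kernel: a userspace C illustration of that header walk with bounds checks. The names `find_l4_payload` and `struct l4_payload` are hypothetical, and both sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct l4_payload { long off; size_t len; };   /* off == -1: none found */
/* Constructed sample: Ethernet + IPv4 + UDP carrying "hello". */
static const uint8_t SAMPLE_UDP[] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,33, 0,0,0x40,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0x16,0x2e, 0,13,0,0, 'h','e','l','l','o' };
/* Constructed sample: a frame whose EtherType is ARP (0x0806). */
static const uint8_t SAMPLE_ARP[42] = { [12] = 0x08, [13] = 0x06 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk Ethernet (optional 802.1Q tag), IPv4 and TCP/UDP headers,
 * bounds-checking each step, and locate the transport payload. */
struct l4_payload find_l4_payload(const uint8_t *f, size_t len)
{
    const struct l4_payload none = { -1, 0 };
    size_t off = 14;
    if (len < off) return none;
    uint16_t type = be16(f + 12);
    if (type == 0x8100) {                        /* 802.1Q VLAN tag */
        if (len < off + 4) return none;
        type = be16(f + 16);
        off += 4;
    }
    if (type != 0x0800 || len < off + 20) return none;  /* IPv4 only */
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || len < off + tot)
        return none;
    if (be16(ip + 6) & 0x3fff) return none;      /* fragment: skip */
    size_t l4 = off + ihl, l4len = tot - ihl, hdr;
    if (ip[9] == 17) hdr = 8;                    /* UDP header is fixed */
    else if (ip[9] == 6 && l4len >= 20) {        /* TCP: use data offset */
        hdr = (size_t)(f[l4 + 12] >> 4) * 4;
        if (hdr < 20) return none;
    } else return none;
    if (l4len < hdr) return none;
    return (struct l4_payload){ (long)(l4 + hdr), l4len - hdr };
}

int main(void)
{
    struct l4_payload p = find_l4_payload(SAMPLE_UDP, sizeof SAMPLE_UDP);
    printf("payload at offset %ld, %zu bytes\n", p.off, p.len);
    return find_l4_payload(SAMPLE_ARP, sizeof SAMPLE_ARP).off == -1 ? 0 : 1;
}
```

Frames that are not IPv4 TCP/UDP (ARP included), fragments and truncated frames all return `off == -1`, so a caller can pass them through unmodified.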
