or a divert socket?
Ferruccio
). Is there a particular way to read from a raw socket or a divert socket?
Take a look at the tcpmssd code in the ports/net collection. In a nutshell, the data that is read from the divert socket contains the IP header, typically followed by the TCP/UDP header, followed by the application data.
Hi hackers,
I've a daemon which creates and opens a divert socket, which is fed by a 'tee rule'
in ipfw ruleset; my doubt is: what is passed to this socket? entire packet or at
least layer-3 information (tcp/udp/...)?
Regards,
Ferruccio
On Sun, 9 Mar 2003, Ferruccio Vitale wrote:
Hi hackers,
I've a daemon which creates and opens a divert socket, which is fed
by a 'tee rule' in ipfw ruleset; my doubt is: what is passed to
this socket? entire packet or at least layer-3 information
(tcp/udp/...)?
it should get an IP
I just finished writing a program which introduces a small random delay on the
sending times in tcp to prevent synchronization of windows. I did it with divert
sockets and ipfw.
The one problem is, I was planning on setting the random delay =RTT(1+x)/cwnd where
x is a random number.
which can listen to a specified divert(4)
socket and act on the incoming packets.
Specifically I want to direct all unwanted traffic from my ipfw rules
into the divert socket and have the program examine these packets
and when configured thresholds were exceeded take actions like:
Add
On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
Heh. I had something a little like that at one point -- it just acted as a
pass-through, but also logged in the pcap format. I thought someone had
done modifications to tcpdump to allow it to speak to divert sockets,
don't know
On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
Heh. I had something a little like that at one point -- it just
acted as a pass-through, but also logged in the pcap format. I
thought someone had done modifications to tcpdump to allow it to
speak to divert sockets, don't know
Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
Specifically I want to direct all unwanted traffic from my ipfw rules
into the divert socket and have the program examine these packets
and when
On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
Specifically I want to direct all unwanted traffic from my ipfw rules
into the divert socket
nice idea.. procmail for packets.
On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
what about a program - like snort - but instead of listening on an
interface, it would listen on your divert(4) socket. a setup like this
could actually help snort (or an other program) be more responsive.
i know that i have run into troubles with snort's flex-resp mechanism not
stopping
On Tue, Mar 12, 2002 at 11:49:53PM +0100, Poul-Henning Kamp wrote:
Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
There are a number of ports which may do something similar to what you
require.
into the divert socket and have the program examine these packets
and when configured thresholds were exceeded take actions like:
Add a blackhole route for a period of time to the source
IP to prevent any packets getting back to the attacker.
Add a blocking ipfw rule for incoming
Witthaya Panichprechakorn writes:
I use divert socket to capture packets. I found that when
I capture a set of fragmented packets, there are 2 incoming reassembled
packets. The sin_port of sockaddr_in of the first packet is 0,
and of another packet is the port number, which it bound
Dear Sir,
I use divert socket to capture packets. I found that when
I capture a set of fragmented packets, there are 2 incoming reassembled
packets. The sin_port of sockaddr_in of the first packet is 0,
and of another packet is the port number, which it bound to.
However, when the packet