braty

asked on

Capturing and manipulating packets in OpenBSD

Hi everyone,

I am currently doing my thesis, and part of it includes the following
steps: (OS = OpenBSD 3.3, or 3.4).

It is based on following structure:


Client1-----------(fxp1)IPSEC-Bridge1(fxp0)---------------------(fxp0)IPSEC-Bridge2(fxp1)------Client2

I installed that using the example of brconfig... now my major tasks are
ahead (changes to do):

Scenario: start a telnet session from client 1 to client 2


1. get packets getting in interface fxp1 from IP stack (kernelspace) and get each packet into
userspace

2. parsing or decoding the IP packets in user space.

3. changing the IP packet (adding a specific string to it, or to
payload, tagging it)

4. injecting packet back to IP stack.


Now I have been told I can do step 1 and 2 using tun device, or bpf
device.

How do I achieve the other steps? Any code samples?
Cheers
Kent Olsen


Hi braty,

It's certainly odd (and scary) that someone claiming to be developing his thesis has to come to EE for ideas on how to code something like this.  On top of that, the function has "security issue" stamped all over it.  I'm very tempted to suggest that either your motives are less than pure, or 6 years of college have already been wasted.

But just in case, everything that you want to do is already being done as part of the Linux base operating system.  You should be able to find it in the OpenBSD source code.


Kent
braty

ASKER

Hey Kent,

You know my grandma always told me to keep silent, unless I am looking for, or have an answer to something. :-)

Well... first, to make it clear, I am an electrical engineering major, and my C programming skills are not the best.

Second: "security worries" are accepted... this project is of course for test and development purposes... besides... the manipulated packets would be encapsulated into IPsec frames.

Third... I appreciate your hint to the OpenBSD source code; I thought someone would have experienced something similar and would give a pointer to the relevant code.
I wouldn't want to go through 20 000 lines of code :-)

Cheers.
ASKER CERTIFIED SOLUTION
Kent Olsen
This solution is only available to members.

Another very workable solution might be to build your functionality into the existing iptables code.  Iptables is already designed to inspect the packets and perform specific functions based on the information in the packet.  It seems that you could extend iptables so that "if the source address is a.b.c.d and the destination port is xx, then modify the packet."  (Or whatever other criteria you choose.)


Kent
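
Steps 2 and 3 from the question (decode the IP packet in user space, then tag it), as an added example that is not code from this thread or from OpenBSD. It assumes the whole IPv4 packet is already in a buffer, as after a read from a tun device, and that the tag travels as a trailer which the peer bridge verifies and strips before delivery; the function names and the `TAG1` marker are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* RFC 1071 checksum of an IPv4 header; 0 means the stored checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t hlen) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2) sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Header length if p[0..len) is one whole, unfragmented IPv4 packet, else 0. */
static size_t ip_hdr_ok(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;
    size_t tot = ((size_t)p[2] << 8) | p[3];
    if (hlen < 20 || hlen > tot || tot != len) return 0;
    if ((p[6] & 0x3f) || p[7]) return 0;   /* MF set or fragment offset != 0 */
    return ip_cksum(p, hlen) == 0 ? hlen : 0;
}
/* Store a new total length and recompute the header checksum. */
static void set_len(uint8_t *p, size_t hlen, size_t tot) {
    p[2] = (uint8_t)(tot >> 8); p[3] = (uint8_t)tot; p[10] = p[11] = 0;
    uint16_t c = ip_cksum(p, hlen);
    p[10] = (uint8_t)(c >> 8); p[11] = (uint8_t)c;
}
/* Step 3: append tag as a trailer; returns the new length, or -1 on error. */
long tag_packet(uint8_t *p, size_t len, size_t cap, const void *tag, size_t tlen) {
    size_t hlen = ip_hdr_ok(p, len);
    if (!hlen || tlen > 0xffff - len || len + tlen > cap) return -1;
    memcpy(p + len, tag, tlen);
    set_len(p, hlen, len + tlen);
    return (long)(len + tlen);
}
/* Peer side: verify and strip the trailer; returns the original length or -1. */
long untag_packet(uint8_t *p, size_t len, const void *tag, size_t tlen) {
    size_t hlen = ip_hdr_ok(p, len);
    if (!hlen || len - hlen < tlen || memcmp(p + len - tlen, tag, tlen)) return -1;
    set_len(p, hlen, len - tlen);
    return (long)(len - tlen);
}
/* Constructed sample: 10.0.0.1 -> 10.0.0.2, 4 opaque payload bytes, tag "TAG1". */
long demo_roundtrip(void) {
    uint8_t pkt[64], orig[64] = {0x45,0,0,24, 0,1,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, 'l','s','\r','\n'};
    set_len(orig, 20, 24);                 /* fill in a valid header checksum */
    memcpy(pkt, orig, sizeof pkt);
    long n = tag_packet(pkt, 24, sizeof pkt, "TAG1", 4);
    if (n != 28 || untag_packet(pkt, 28, "TAG1", 4) != 24) return -1;
    return memcmp(pkt, orig, 24) == 0 ? n : -1;   /* header restored exactly */
}
```

While the trailer is attached, the transport checksum no longer matches the IP length, which is why the peer has to strip it before the packet goes back to the stack.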