drop in libnids like api?

Alfred Perlstein alfred at freebsd.org
Mon Dec 16 18:29:40 PST 2013


On 12/16/13, 4:28 PM, Juli Mallett wrote:
> Alfred,
>
> It's probably the "libuinet" component you're looking for, but that's 
> an active userland TCP stack, not a passive one.  That is, you can do 
> full TCP/IP with libuinet pretty easily, but you can't just hand it 
> packets and look at a stream you're intercepting.  It might be 
> possible to make it provide two half-connections for each connection 
> from the wire at some point, with data going into a socket and being 
> readable, but that functionality isn't there now.  I know there's some 
> interest in funding Pat Kelsey (who did the "libuinet" work) to do 
> that, but I don't think there's any roadmap for it.  I may also be 
> misunderstanding what you're using libnids to do.

I think you're right on point.

Basically what I need is the ability to write something like 
https://github.com/alfredperlstein/dsniff/blob/master/urlsnarf.c using 
wanproxy as a backend.

Specifically have a look at line 164 of the file at sniff_http_client(), 
this calls line 88 of that file (process_http_request()) each time a new 
packet comes in for a stream we are interested in.  It's relatively 
basic stuff to monitor streams.  Is it at all possible to do this using 
wanproxy libuinet?

If not, is Pat available to chat about what needs to be done?

thank you,
-Alfred
>
> Thanks,
> Juli.
>
>
> On Mon, Dec 16, 2013 at 2:16 PM, Alfred Perlstein <alfred at freebsd.org> wrote:
>
>     Hey a friend referred me to wanproxy as an alternative to libnids.
>
>     I'm wondering is there overlap in the functionality such that I
>     could drop it in place for the backend for dsniff's suite of utils,
>     specifically urlsnarf.
>
>     -Alfred
>     _______________________________________________
>     wanproxy mailing list
>     wanproxy at lists.wanproxy.org
>     http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org
>
>
