drop in libnids like api?

Alfred Perlstein alfred at freebsd.org
Mon Dec 16 18:53:14 PST 2013


On 12/16/13, 6:33 PM, Juli Mallett wrote:
> On Mon, Dec 16, 2013 at 6:29 PM, Alfred Perlstein <alfred at freebsd.org 
> <mailto:alfred at freebsd.org>> wrote:
>
>
>     On 12/16/13, 4:28 PM, Juli Mallett wrote:
>>     Alfred,
>>
>>     It's probably the "libuinet" component you're looking for, but
>>     that's an active userland TCP stack, not a passive one.  That is,
>>     you can do full TCP/IP with libuinet pretty easily, but you can't
>>     just hand it packets and look at a stream you're intercepting.
>>     It might be possible to make it provide two half-connections for
>>     each connection from the wire at some point, with data going into
>>     a socket and being readable, but that functionality isn't there
>>     now.  I know there's some interest in funding Pat Kelsey (who did
>>     the "libuinet" work) to do that, but I don't think there's any
>>     roadmap for it.  I may also be misunderstanding what you're using
>>     libnids to do.
>
>     I think you're right on point.
>
>     Basically what I need is the ability to write something like
>     https://github.com/alfredperlstein/dsniff/blob/master/urlsnarf.c
>     using wanproxy as a backend.
>
>     Specifically have a look at line 164 of the file at
>     sniff_http_client(), this calls line 88 of that file
>     (process_http_request()) each time a new packet comes in for a
>     stream we are interested in.  It's relatively basic stuff to
>     monitor streams.  Is it at all possible to do this using wanproxy
>     libuinet?
>
>
> Nope, not at this time, unless you're willing to actually be an inline 
> proxy instead, which is probably not worth it since libnids exists.

Thanks, one of the issues we're having is the licensing of libnids, it 
appears to be GPLv2, not even LGPL, so adding it to our product seems to 
be a challenge.
>
>     If not is Pat available to chat about what needs to be done?
>
>
> I've added him to the CC list explicitly, I'm sure he has some 
> thoughts on how possible it would be to adapt the FreeBSD stack to 
> support passive reception / read-only connections.
>
Thank you.

-Alfred
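The callback model the thread is discussing (libnids hands a stream callback the reassembled bytes of one half-connection, plus a count of what is new, each time a segment arrives) can be sketched passively without any kernel stack. The block below is an added example written for this archive page; it is not code from libnids, dsniff, wanproxy or libuinet, and the names (stream_t, stream_feed, http_cb, demo_out_of_order) and the fixed 256-byte hold-back window are assumptions of the example. It tracks one client-to-server half-connection by sequence number, buffers out-of-order segments, and invokes the callback only when the contiguous prefix of the stream grows, which is what sniff_http_client()/process_http_request() in urlsnarf.c rely on. The callback here just logs the HTTP request line once it is complete, as a network monitor would.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes of stream data held per tracked half-connection (constructed limit). */
#define STREAM_MAX 256

/* libnids-style callback: whole contiguous buffer so far, its length, and how many bytes are new. */
typedef void (*stream_cb)(const char *data, size_t total, size_t newlen, void *user);

/* One passively observed half-connection (client -> server). */
typedef struct {
    uint32_t  base_seq;          /* sequence number of buf[0] (the ISN) */
    char      buf[STREAM_MAX + 1]; /* +1 keeps a NUL after a full buffer */
    uint8_t   have[STREAM_MAX];  /* 1 once the byte at that offset has arrived */
    size_t    delivered;         /* length of the contiguous prefix already given to cb */
    stream_cb cb;
    void     *user;
} stream_t;

void stream_init(stream_t *s, uint32_t isn, stream_cb cb, void *user) {
    memset(s, 0, sizeof *s);
    s->base_seq = isn;
    s->cb = cb;
    s->user = user;
}

/* Feed the payload of one observed TCP segment. Returns the number of bytes newly delivered. */
size_t stream_feed(stream_t *s, uint32_t seq, const char *payload, size_t len) {
    uint32_t off = seq - s->base_seq;      /* unsigned arithmetic handles 32-bit wrap */
    if (off >= STREAM_MAX) return 0;       /* outside the hold-back window: dropped (constructed policy) */
    if (off + len > STREAM_MAX) len = STREAM_MAX - off;
    for (size_t i = 0; i < len; i++) {
        /* Overlap policy: first copy wins. A monitor's policy should match the
         * endpoint it watches, otherwise the two see different streams. */
        if (!s->have[off + i]) {
            s->buf[off + i] = payload[i];
            s->have[off + i] = 1;
        }
    }
    size_t end = s->delivered;
    while (end < STREAM_MAX && s->have[end]) end++;  /* extend the contiguous prefix */
    size_t newbytes = end - s->delivered;
    if (newbytes > 0) {
        s->cb(s->buf, end, newbytes, s->user);
        s->delivered = end;
    }
    return newbytes;
}

/* What the monitoring callback records: the first request line seen on the stream. */
typedef struct { char method[8]; char url[128]; int seen; } http_log_t;

/* Stream callback: waits until a full request line is buffered, then parses METHOD and URL. */
static void http_cb(const char *data, size_t total, size_t newlen, void *user) {
    http_log_t *log = user;
    (void)newlen;
    if (log->seen || memchr(data, '\n', total) == NULL) return;  /* request line still incomplete */
    char line[STREAM_MAX + 1];
    memcpy(line, data, total);
    line[total] = '\0';                    /* bound sscanf to delivered bytes only */
    if (sscanf(line, "%7s %127s", log->method, log->url) == 2) log->seen = 1;
}

/* Constructed demo: one request arriving as three segments, the middle one first. */
int demo_out_of_order(http_log_t *out) {
    const char *req = "GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n";
    const uint32_t isn = 1000;
    size_t n = strlen(req);
    stream_t s;
    memset(out, 0, sizeof *out);
    stream_init(&s, isn, http_cb, out);
    stream_feed(&s, isn + 10, req + 10, 10);   /* bytes 10..19: held back, nothing delivered */
    stream_feed(&s, isn, req, 10);             /* bytes 0..9: prefix now 20 bytes, no newline yet */
    stream_feed(&s, isn + 20, req + 20, n - 20); /* remainder: request line completes */
    return out->seen;
}

int main(void) {
    http_log_t log;
    if (demo_out_of_order(&log))
        printf("request seen: %s %s\n", log.method, log.url);
    return 0;
}
```

Running it prints "request seen: GET /index.html". The point to take from the example, relative to the thread, is that a read-only monitor needs only this much state per half-connection; an active stack like libuinet carries far more (its own sequence space, ACKs, timers) because it is an endpoint rather than an observer.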

