<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 12/16/13, 6:33 PM, Juli Mallett
wrote:<br>
</div>
<blockquote
cite="mid:CACVs6=9LxNsys9YW37tGVUS=v4TEwdUe3hMNUB22+o7HuX=AXA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Mon, Dec 16, 2013 at 6:29 PM,
Alfred Perlstein <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:alfred@freebsd.org"
target="_blank">alfred@freebsd.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="im"> <br>
<div>On 12/16/13, 4:28 PM, Juli Mallett wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Alfred,
<div><br>
</div>
<div>It's probably the "libuinet" component you're
looking for, but that's an active userland TCP
stack, not a passive one. That is, you can do
full TCP/IP with libuinet pretty easily, but you
can't just hand it packets and look at a stream
you're intercepting. It might be possible to
make it provide two half-connections for each
connection from the wire at some point, with
data going into a socket and being readable, but
that functionality isn't there now. I know
there's some interest in funding Pat Kelsey (who
did the "libuinet" work) to do that, but I don't
think there's any roadmap for it. I may also be
misunderstanding what you're using libnids to
do.</div>
</div>
</blockquote>
<br>
</div>
I think you're right on point.<br>
<br>
Basically what I need is the ability to write something
like <a moz-do-not-send="true"
href="https://github.com/alfredperlstein/dsniff/blob/master/urlsnarf.c"
target="_blank">https://github.com/alfredperlstein/dsniff/blob/master/urlsnarf.c</a>
using wanproxy as a backend.<br>
<br>
Specifically have a look at line 164 of the file at
sniff_http_client(), this calls line 88 of that file
(process_http_request()) each time a new packet comes in
for a stream we are interested in. It's relatively
basic stuff to monitor streams. Is it at all possible
to do this using wanproxy libuinet?<br>
</div>
</blockquote>
<div><br>
</div>
<div>Nope, not at this time, unless you're willing to
actually be an inline proxy instead, which is probably not
worth it since libnids exists.</div>
</div>
</div>
</div>
</blockquote>
<br>
Thanks. One of the issues we're having is the licensing of libnids;
it appears to be GPLv2, not even LGPL, so adding it to our product
seems to be a challenge.<br>
<blockquote
cite="mid:CACVs6=9LxNsys9YW37tGVUS=v4TEwdUe3hMNUB22+o7HuX=AXA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> If not, is Pat
available to chat about what needs to be done?<br>
</div>
</blockquote>
<div><br>
</div>
<div>I've added him to the CC list explicitly; I'm sure he
has some thoughts on how possible it would be to adapt the
FreeBSD stack to support passive reception / read-only
connections.</div>
<div> <br>
</div>
</div>
</div>
</div>
</blockquote>
Thank you.<br>
<br>
-Alfred<br>
</body>
</html>