[Bridge] Modifying All Packets passing through the bridge!

Fahim Akhter akhter.fahim at hotmail.com
Mon Nov 10 04:02:34 PST 2008


Thanks a lot for the quick replies. 
 
I tried doing it with bridging hooks, or rather in the bridge. I wrote a script which was used to modify the packets if not already modified, which was placed in /net/bridge/br_forward.c br_forward(), and the packets were listened to and encrypted in /net/bridge/br_forward.c should_deliver(). The encryption keys and status were travelling fine. But upon analyzing the packets on the receiving end using a Windows-based packet analyzer, I got to know that only ARP broadcast packets were being modified.
 
I found some old code for kernel 2.4 that was used for encryption. The encryption was done in /net/bridge/br_input.c br_handle_frame(). I did all the usual stuff there but still no effect; it's still only modifying the ARP packets.
 
The ethernets are running in promiscuous mode, the settings are default and the bridge works fine, except for the fact it doesn't encrypt.
 
It's taken me a while to get to this point, this being my first Linux project. Hope I get a solution which takes me forward from this instead of starting from the start...

> Date: Mon, 10 Nov 2008 15:58:05 +0530
> From: srinivas.aji at gmail.com
> To: akhter.fahim at hotmail.com
> Subject: Re: [Bridge] Modifying All Packets passing through the bridge!
> CC: bridge at lists.linux-foundation.org
>
> On Mon, Nov 10, 2008 at 11:57 AM, Fahim Akhter <akhter.fahim at hotmail.com> wrote:
> > The Link
> > https://lists.linux-foundation.org/pipermail/bridge/2008-October/006074.html
> > , is about capturing packets and sending to user space. Speed is important
> > in my current scenario. Is there any way I can do everything in kernel
> > specially by hacking or tweaking the already kernel space. Instead of socket
> > programming and capturing packets at ethernet?
>
> That message also talks about the case where userspace will not give
> you enough performance. The thing to do then would be to write a
> network driver which sits on top of a real network device and
> processes the packets before passing it on in either direction. Look
> for the vlan and bonding drivers for examples. Or maybe you could use
> the netfilter hooks in bridging, if your use of this encrypted link is
> restricted to being between bridges.

