Unexpected behavior after altering inetsw[] switch table
Max Laier
max at love2party.net
Sun Jun 11 12:52:25 UTC 2006
On Sunday 11 June 2006 14:29, Shaun Colley wrote:
> Hi Max & group,
>
> > As you can see in netinet/in_proto.c, tcp does not use pr_output, but
> > calls tcp_output() directly where needed. Depending on what you want to
> > achieve it might be enough to hack up tcp_usr_send() and replace
> > tcp_usrreqs.pru_send instead. Replacing tcp_output() is not easily
> > possible. You could start with telling us what you *really* want to do so
> > we can point you to a workable option.
>
> Right, I'll start by telling you what I'm actually trying to achieve.
> Every time an IP datagram with a TCP header is sent, I want to mangle (i.e.
> modify) part of the TCP packet and its payload with 'random' data.
> Although this may sound a bit pointless, I want to do this to implement a
> form of dumb fuzzing, which is a form of stress testing used a lot in
> computer security. Does that make a bit of sense?
>
> So I was attempting to modify the pr_output hook for TCP (which I now know
> isn't possible) and replace it with a ptr to my own hacked tcp_output
> routine.
>
> Can you see a way to do what I'm trying to achieve?

You should tap into the generic IP packet filter hook and modify the packet
from there. Look in netinet/ip_fw_pfil.c or contrib/pf/net/pf_ioctl.c for
examples of how to place a hook in there. The PFIL_OUT hook is what you want
and lets you see every packet sent outbound after the IP header has been
prepended. You will have to do some parsing of the IP header to get to the
TCP part, but ip_fw2.c and pf.c should offer enough information on how to do
that.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
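
The IP header parsing step mentioned in the reply, as an added example that is not part of the original mail and not FreeBSD code. It works on a flat byte buffer in userland, whereas a pfil hook receives the packet as an mbuf chain; `locate_tcp`, `struct tcp_loc` and `sample_pkt` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define PROTO_TCP 6

/* Where the TCP segment sits inside a raw IPv4 packet. */
struct tcp_loc {
    size_t tcp_off;      /* offset of the TCP header from the packet start */
    size_t payload_off;  /* offset of the first TCP payload byte */
    size_t payload_len;  /* payload bytes, bounded by the IP total length */
};

/*
 * Returns 0 and fills *out when pkt holds an IPv4 packet that starts a TCP
 * segment; returns -1 otherwise. Every offset is checked against len before
 * it is used, so a caller never reads or writes outside the buffer.
 */
int locate_tcp(const uint8_t *pkt, size_t len, struct tcp_loc *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                               /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* header length incl. options */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len)
        return -1;                               /* bad IHL or truncated packet */
    if (pkt[9] != PROTO_TCP)
        return -1;
    /* Non-zero fragment offset: a later fragment, which has no TCP header. */
    if (((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return -1;
    if (total - ihl < 20)
        return -1;                               /* no room for a TCP header */
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;  /* TCP data offset */
    if (doff < 20 || doff > total - ihl)
        return -1;
    out->tcp_off = ihl;
    out->payload_off = ihl + doff;
    out->payload_len = total - ihl - doff;
    return 0;
}

/* Constructed sample: 24-byte IP header (IHL=6, one option word),
 * 20-byte TCP header, 4 payload bytes. Checksums are left at zero. */
const uint8_t sample_pkt[48] = {
    0x46, 0, 0, 48,  0, 0, 0, 0,  64, PROTO_TCP, 0, 0,
    10, 0, 0, 1,  10, 0, 0, 2,
    1, 1, 1, 0,                 /* IP options: NOP NOP NOP EOL */
    [36] = 0x50,                /* TCP data offset = 5 words */
    [44] = 'd', 'a', 't', 'a',
};
```

Any change made to the TCP header or payload at these offsets invalidates the TCP checksum, which has to be recomputed unless a corrupted checksum is part of the test.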