[erlang-questions] low level packet access from erlang

Matthias Lang matthias@REDACTED
Wed Apr 3 20:56:02 CEST 2013


I have a copy of Luke's TUN/TAP code. I successfully used it many
years ago for some experiments, IIRC to study what TCP did on a lossy
network. Worked fine for me.

Luke's code is a thin layer over TUN/TAP, it's just one C file and one
.erl file. It lets you do two things: receive all packets on an
ethernet interface and send packets on an ethernet interface. It comes
with an example to get you started.

After a _quick_ look at Geoff's code, I think it's _functionally_ a
superset of Luke's. Geoff's "enet_eth_iface.erl" does pretty much the
same thing as Luke's "tuntap.erl". The rest of Geoff's code seems to
be more of the IP stack to let you do more complicated decoding, e.g. TCP.

Here's Luke's code, it'll be there until next time I clean up:

  http://corelatus.se/~matthias/luke_tuntap.tgz

Matt

--------------------

On Wednesday, April 03, Matthew Evans wrote:

> You could also look at procket:
> http://blog.listincomprehension.com/
> https://github.com/msantos/procket
>
> > From: nem@REDACTED
> > Date: Wed, 3 Apr 2013 11:06:14 -0700
> > To: garry@REDACTED
> > CC: erlang-questions@REDACTED
> > Subject: Re: [erlang-questions] low level packet access from erlang
> >
> > Hi there - I'm slowly building a TAP interface based library for networking at https://github.com/archaelus/enet -- some of the code might save you some time. You can send and receive packets with it, but it's missing a lot of mechanisms and infrastructure for making that easy.
> >
> > I've used the packet parsing code a bunch for pcap file analysis, and the generation code only a little to try and build an IP stack.
> >
> > The docs are non-existent but I'm more than happy to answer questions about the code.
> >
> > -Geoff
> >
> > On 2013-04-03, at 10:59 , Garry Hodgson <garry@REDACTED> wrote:
> >
> > > i am building an experimental firewall of sorts,
> > > and need to be able to access incoming packets
> > > directly, so i can muck around with low level
> > > src/dst/ports/etc information. it looks like the standard
> > > modules handle the low level things for me, such that
> > > i by the time i see an incoming message, the low level
> > > details are lost.
> > >
> > > how can i arrange access to the lower level information
> > > (ignoring performance issues for now)?
> > >
> > > i see like mentioned a way in an old (2001) thread:
> > > http://www.trapexit.org/forum/viewtopic.php?p=4258&sid=4469db61020efe9100e1e1c2504bfc8c
> > > but the link to bluetail where his code was doesn't exist anymore.
> > >
> > > i've read the ei/pcap approach presented here:
> > > http://blog.listincomprehension.com/2009/12/erlang-packet-sniffer-using-ei-and.html
> > >
> > > but i don't want to just sniff packets, but intercept them.
> > >
> > > i'd appreciate any insights into how to tackle this.
> > >
> > > --
> > > Garry Hodgson
> > > AT&T Chief Security Office (CSO)
> >
> >
> >
> >
> >
> > _______________________________________________
> > erlang-questions mailing list
> > erlang-questions@REDACTED
> > http://erlang.org/mailman/listinfo/erlang-questions
>

> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions




More information about the erlang-questions mailing list