[erlang-questions] low level packet access from erlang

Michael Santos michael.santos@REDACTED
Wed Apr 3 23:24:07 CEST 2013

On Wed, Apr 03, 2013 at 01:59:47PM -0400, Garry Hodgson wrote:
> i am building an experimental firewall of sorts,
> and need to be able to access incoming packets
> directly, so i can muck around with low level
> src/dst/ports/etc information. it looks like the standard
> modules handle the low level things for me, such that
> i by the time i see an incoming message, the low level
> details are lost.
> how can i arrange access to the lower level information
> (ignoring performance issues for now)?
> i see like mentioned a way in an old (2001) thread:
> http://www.trapexit.org/forum/viewtopic.php?p=4258&sid=4469db61020efe9100e1e1c2504bfc8c
> but the link to bluetail where his code was doesn't exist anymore.
> i've read the ei/pcap approach presented here:
> http://blog.listincomprehension.com/2009/12/erlang-packet-sniffer-using-ei-and.html
> but i don't want to just sniff packets, but intercept them.
> i'd appreciate any insights into how to tackle this.

It really depends on what level and which platforms you want to work
on. There are BSD raw sockets, the Linux PF_PACKET interface, BPF for
BSD and LSF for Linux, divert sockets, tun devices, tap devices ...

procket can handle all of those but assuming you just want to manipulate
the IP headers and don't want to worry about the ethernet framing,
maybe using a tun device would be the easiest way.

I wrote an Erlang tun/tap interface on top of procket:


I've tested the code on Linux, Mac OS X and FreeBSD. Supporting other
BSDs shouldn't be a problem. Adding Windows support is on my TODO list.

Once you've created an interface and set up the routing table, you can
simply read/write frames to the device.  Here is an example of using a tap
device to create the most insecure VPN ever over Erlang distribution:


Another example using a tun device:


sut sets up an RFC 4213 IPv6 over IPv4 tunnel. There is an example of
creating a basic stateless firewall here:


More information about the erlang-questions mailing list