[erlang-questions] low level packet access from erlang

Garry Hodgson <>
Thu Apr 4 19:58:59 CEST 2013

wow. this looks great. you've built up a nice set of layers here.
i was just tinkering with procket when i saw this message.
guess i need to keep on tinkering.


On 04/03/2013 05:24 PM, Michael Santos wrote:
> On Wed, Apr 03, 2013 at 01:59:47PM -0400, Garry Hodgson wrote:
>> i am building an experimental firewall of sorts,
>> and need to be able to access incoming packets
>> directly, so i can muck around with low level
>> src/dst/ports/etc information. it looks like the standard
>> modules handle the low level things for me, such that
>> i by the time i see an incoming message, the low level
>> details are lost.
>> how can i arrange access to the lower level information
>> (ignoring performance issues for now)?
>> i see like mentioned a way in an old (2001) thread:
>> http://www.trapexit.org/forum/viewtopic.php?p=4258&sid=4469db61020efe9100e1e1c2504bfc8c
>> but the link to bluetail where his code was doesn't exist anymore.
>> i've read the ei/pcap approach presented here:
>> http://blog.listincomprehension.com/2009/12/erlang-packet-sniffer-using-ei-and.html
>> but i don't want to just sniff packets, but intercept them.
>> i'd appreciate any insights into how to tackle this.
> It really depends on what level and which platforms you want to work
> on. There are BSD raw sockets, the Linux PF_PACKET interface, BPF for
> BSD and LSF for Linux, divert sockets, tun devices, tap devices ...
> procket can handle all of those but assuming you just want to manipulate
> the IP headers and don't want to worry about the ethernet framing,
> maybe using a tun device would be the easiest way.
> I wrote an Erlang tun/tap interface on top of procket:
> https://github.com/msantos/tunctl
> I've tested the code on Linux, Mac OS X and FreeBSD. Supporting other
> BSDs shouldn't be a problem. Adding Windows support is on my TODO list.
> Once you've created an interface and set up the routing table, you can
> simply read/write frames to the device.  Here is an example of using a tap
> device to create the most insecure VPN ever over Erlang distribution:
> https://github.com/msantos/tunctl/blob/master/examples/vpwn.erl
> Another example using a tun device:
> https://github.com/msantos/sut
> sut sets up an RFC 4213 IPv6 over IPv4 tunnel. There is an example of
> creating a basic stateless firewall here:
> https://github.com/msantos/sut/blob/master/examples/basic_firewall.erl

Garry Hodgson
AT&T Chief Security Office (CSO)

"This e-mail and any files transmitted with it are AT&T property, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."

More information about the erlang-questions mailing list