[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using libpcap for gnunet-dns- and gnunet-exit-helpers?

From: Christian Grothoff
Subject: Re: Using libpcap for gnunet-dns- and gnunet-exit-helpers?
Date: Mon, 25 Nov 2019 14:43:35 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

Hi ng0,

I've used libpcap before, and do not believe libpcap would suffice, as
with libpcap we could get a copy of the traffic, but as far as I know
not prevent the original request from leaving the system (privacy issue
-- and the reply might then arrive before our own reply, thereby
preventing our reply from being processed).

If I'm wrong about that (maybe libpcap has features I'm not familiar
with), well, then I agree we should look more into libpcap.

Happy hacking!


On 11/25/19 1:28 PM, ng0 wrote:
> Hi folx,
> a while back I looked at how the helpers which use Linux-specific
> binaries (iptables) can be made more portable.
> Using pf(1) for ifdef(BSD) would've been a solution, but not
> necessarily one I would've liked because as far as I understand
> pf it would've required manual intervention by sys admins.
> In recent years
> (enough time passed to assume this is now widely enough supported)
> Linux switched to BPF (or rather eBPF) for in-kernel firewalls and
> other applications (I spare you the writeup, there are enough
> summaries on BPF and eBPF out there).
> While looking at the cross-system specific approach for this, I
> found libpcap. I still don't fully understand if it's usable enough
> to replace our use of execv'ing ip(1) + ifconfig(1) + iptables(1),
> I'm still reading and trying more trivial examples.
> Only caveat so far, we'd need to exclude Irix as it doesn't support
> libpcap.
> Other than that, libpcap supports a wide range of systems (and is
> included in the base of some), read more in the README of
> I hope someone on this list / of us has worked with libpcap before
> and knows if this could be used to achieve what we today handle with
> external binaries.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]