On Wed, 20 Nov 2002 09:51, Oliver Neukum wrote:
> > It was originally done by Sebastian Kuzminsky. It basically uses the
> > kernel's packet filter (BPF) and socket code, via Libnet and libpcap. You
> > can get it from your friendly kernel.org mirror
> > (http://www.XX.kernel.org/pub/software/network/zcip/, where XX is your
> > country code).
> > In the longer term, it might be appropriate to move some of it (the
> > defend part of the claim-and-defend sequence) into kernel space. I don't
> > think it makes sense to have it all in kernel space.
> Definitely, however you've never convinced me how you do the arp related
> part in user space at all. It seems to me that you cannot do that unless
> you take all arp handling into user space.
The approach is that there are really two different things happening:
1. Detecting when someone is trying to use our IP
2. Generating an ARP packet (which might be set to our IP, depending on
whether we are claiming or defending)
The first part is easy, as long as you have BPF support. Consider that it is
just a peer to tcpdump, only we don't want all the packets.
The second part is OK, you just need to generate raw packets. The real
functionality is in net/packet/af_packet.c, although I use Libnet
in an attempt at portability.
It might help to think of it as generating a single ARP packet (or a packet
that has the ARP format, on the wire), rather than performing the ARP
http://linux.conf.au. 22-25Jan2003. Perth, Aust. I'm registered. Are you?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/