Hello,
I have a couple of scenarios I am curious about. If I have a PF rule to divert ALL TCP traffic to an IPPROTO_DIVERT socket, that is doing a recvfrom() and a sendto().
And another rule immediately following that PF rule that is doing a rdr of ALL tcp traffic to another network interface.
Can I be assured that if I have a SOCK_STREAM socket accept() traffic from the interface the rdr is pointing to, TCP connections will be accepted on that socket in the order they passed through the divert socket?
My goal here is to be able to sniff or modify packets with the divert, reinject them, and have them then go through a normal TCP connection acceptation with the stream socket; this way I can read and write back and forth between the server and the client. I want to be able to correlate the packets I detected in the divert socket with connections established in the stream socket.
Thanks in advance
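
One way to do the correlation described in the post, as an added example that is not part of the original message: each SYN read from the divert socket is recorded under the client's source address and port, and the entry is looked up with the peer address of the accepted socket. It assumes the rdr rule leaves the client's source address and port unchanged; `sample_syn`, `record_syn` and `take_flow` are hypothetical names and the packet bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: IPv4 192.0.2.10 -> 198.51.100.1, TCP 50000 -> 80, SYN. */
static const uint8_t sample_syn[40] = {
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,10, 198,51,100,1,
    0xc3,0x50, 0,80, 0x11,0x22,0x33,0x44, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0
};

#define MAX_FLOWS 64
static struct flow { uint8_t addr[4]; uint16_t port; uint32_t isn; int used; } flows[MAX_FLOWS];

/* Record source address, port and initial sequence number of a raw IPv4 packet
 * (as read from the divert socket) if it is a TCP SYN. Returns the slot or -1. */
static int record_syn(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return -1;
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return -1;  /* not the first fragment */
    const uint8_t *t = p + ihl;
    if ((t[13] & 0x12) != 0x02) return -1;               /* SYN set, ACK clear */
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (flows[i].used) continue;
        memcpy(flows[i].addr, p + 12, 4);
        flows[i].port = (uint16_t)((t[0] << 8) | t[1]);
        flows[i].isn = (uint32_t)t[4] << 24 | (uint32_t)t[5] << 16 | (uint32_t)t[6] << 8 | t[7];
        flows[i].used = 1;
        return i;
    }
    return -1;                                           /* table full */
}

/* Look up and release the entry for an accepted connection's peer (the address
 * and port getpeername() reports). Returns 1 and sets *isn if found, else 0. */
static int take_flow(const uint8_t addr[4], uint16_t port, uint32_t *isn) {
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (!flows[i].used || flows[i].port != port || memcmp(flows[i].addr, addr, 4)) continue;
        *isn = flows[i].isn;
        flows[i].used = 0;
        return 1;
    }
    return 0;
}

int main(void) {
    const uint8_t peer[4] = {192, 0, 2, 10};
    uint32_t isn = 0;
    record_syn(sample_syn, sizeof sample_syn);
    return take_flow(peer, 50000, &isn) ? 0 : 1;
}
```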