William, : >Don't route. Use the ethernet bridge driver and tcpdump. : : My problem is I need to modify the messages before passing them on. : Its my understanding, that if I bridge, its pretty difficult for my : application code to get hold of the messages. Not necessarily....but.... Use the bridging code and brouting OR Use proxy arp functionality (which would necessitate routing) AND Use transparent proxying techniques. You might need/want tproxy support [2]. Good luck, -Martin [0] http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png http://ebtables.sourceforge.net/ [1] http://linux-ip.net/html/ether-arp.html#ether-arp-proxy http://www.sjdjweis.com/linux/proxyarp/ http://lartc.org/howto/lartc.bridging.proxy-arp.html [2] http://www.balabit.com/products/oss/tproxy/ -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
