should I be using sockets or packet capture? perl -
i'm trying spec out foundations server application who's purpose to..
1 'receive' tcp and/or udp packets
2 interpret contents (i.e. header values)
to add more detail, server receive 'sip invites' , respond '302 redirect'.
i have experience net::pcap , perl, , know achieve looping filtered packets, decoding , using net::sip respond.
however, there's lot of bloat in both of these modules/applications don't need. server under heavy load, , if run tcpdump on it's own, loses packets in kernel due server load, worry wont appropriate :(
should able achieve same thing 'listening' on socket (using io::socket example) , decoding packet?
unfortunatly debugging, it's hard tell if io::socket give me opportunity see raw packet? , instead automatically decodes message readable format!
tl;dr: want capture lots of sip invites, analyse head values, , respond sip 302 redirect. there better way using tcpdump (via net::pcap) achieve this?
thanks, moose
is there better way using tcpdump (via net::pcap) achieve this?
yes. using libpcap (that's meant instead of tcpdump in question) bad way implement tcp-based service, have reimplement of tcp (libpcap gives raw network-layer packets), and packets program gets also delivered internet protocol stack on machine, so:
- if there's nothing on machine listening on tcp port other machines trying connect, connection requests rst tcp code , think connection attempt failed;
- if there is on machine listening on port, it'll accept connection, , , program both try communicate other machine, confuse its tcp stack , cause various bad , random things happen.
it's not better udp:
- if there's nothing on machine listening on udp port other machines trying connect, connection requests icmp port unreachable message udp code, may make think connection attempt failed;
- if there is on machine listening on port, it'll accept connection, , , program both try communicate other machine, confuse its sip stack , cause various bad , random things happen.
io:socket
not give raw packets, , that's good thing; won't have implement own ip , tcp/udp stack. if goal implement redirect server on machine, have no need receive raw packets; want receive sip invites lower-level processing done machine's ip/tcp/udp stack.
if have sip implementation on machine, , want act "firewall" it, that, invites, send 302 redirect , prevent sip implementation on machine ever seeing invites in question, need use same mechanism particular os uses implement firewalls. there no libpcap-like wrapper mechanisms, far know.
Comments
Post a Comment