[vbox-dev] vbox networking interception
Valdir Stumm Junior
stummjr at gmail.com
Mon Aug 25 10:25:45 PDT 2008
Firstly, I'll explain what I'm aiming to do. I need to intercept
network packets sent by a VirtualBox Guest OS, to log the
information(and do some transformation) if the communication is
ocurring between two guest OSs running over VBox. But I want to
intercept it before it pass through the TCP stack.
So, my first solution was to read the VBox source code and find out
how are made the network calls into vbox. If I'm not wrong, it's a
task made by slirp, in the source code
"vbox/src/VBox/Devices/Network/slirp/tcp_output.c" at "tcp_output"
Then, to intercept the call to memcpy() made by "tcp_output" function,
I'm using an interposition of memcpy, that logs the calls, gathering
useful data to my logger.
OK, let's directly to the problem. The interception is OK, but I'm
having some trouble to identify precisely what is a tcp operation and
what is not. I'm trying to identify a tcp header comparing the size of
the tcphdr struct with the data being written with memcpy(), but it's
not totally secure.
Does anybody have some idea of how can I do this?
More information about the vbox-dev