Netmap/divert socket capture: getting ipfw state? [porting from Linux, need NFLOG/NFQUEUE/ct functionality]
Luigi Rizzo
rizzo at iet.unipi.it
Wed Mar 11 17:50:30 UTC 2015
On Wed, Mar 11, 2015 at 4:27 PM, Igor 'Lo' (И.L.)
<bombsiteunrested at gmail.com> wrote:
> Hello,
>
> I currently plan to port one of my projects to FreeBSD from Linux,
> now it requires an intrusive way of packet capture (to avoid drops)
> and relies on a connection state tracking information from outside
> (e.g. Linux's conntrack)).
>
> So I need a way to capture some traffic based on predetermined ipfw(?)
> rules, then get the packets to userspace together with connection
> tracking state data from firewall.
>
> What are my options on FreeBSD?
code.google.com/p/netmap-ipfw/
is a userspace port of ipfw that runs on top of netmap (works on
FreeBSD and Linux)
which gives you a fast way to capture the data and pass them to
the next stage of processing e.g. through a netmap pipe.
cheers
luigi
>
> (Also, I'm fine with going down to kernel and communicating with my
> own userspace app with other means, as long as I don't have to add own
> connection tracker, but I'll prefer a pure userspace solution if
> possible).
>
> --
> cheers,
> Igor
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
--
-----------------------------------------+-------------------------------
Prof. Luigi RIZZO, rizzo at iet.unipi.it . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/ . Universita` di Pisa
TEL +39-050-2211611 . via Diotisalvi 2
Mobile +39-338-6809875 . 56122 PISA (Italy)
-----------------------------------------+-------------------------------
More information about the freebsd-net
mailing list