From: Takashi O. <ta...@cs...> - 2003-11-24 04:04:10
dear netnice developers,

i've fixed an npf bug, which crashes the system at heavy load, and committed the new kernel patch under freebsd/sys/.

i also worked on NPF and now you can check src/dst of a packet using NPF, which is not possible with BPF. i provided sample code under contrib/pcap, and you'll see how it works.

mike, you may now use the interface to extend the VIF class so that you can tap a VIF and check process activity at a trunk VIF, not at leaf VIFs. this sounds inefficient, but you can apply a filter (see line 185@pcap.c) to filter out unnecessary packets. you may also want to integrate this with your snort module.

since it's an open problem which requires several design decisions, i'm glad to discuss the issue, either on-line or off-line.

thanks!

-- taka