Menu
▾
▴
[Snort-inline-users] pf divert sockets and OpenBSD
|
From: Will M. <wil...@gm...> - 2004-09-17 19:11:38
|
List, Any brilliant *BSD pf programmers out there have any bright idea's how we can get pf traffic sent to user space? The only thing I can find so far that looks somewhat useful is the pflog0 interface. From what I can see we can block out traffic, grab it from pflog0, rewrite it in user space and re-inject it via pcap or libnet. This is a really bad solution, and I really don't want to write an interface for snort_inline to use this. I'm taking suggestions...... Regards, Will |
