From: David Mehler
Date: Thu, 11 Jul 2019 10:25:27 -0400
Subject: Re: p0f, bpf, and jail
To: Ernie Luzar
Cc: freebsd-questions

Hello,

I'm using FreeBSD 12 on amd64 hardware. p0f is passive OS fingerprinting; what I'm wanting to do is determine, by passively analyzing a connecting machine's TCP stack, what kind of machine it is, and based on that result add in an email header to the message.

So, for example, if someone connects to my system by means of an XP laptop and tries to send email, I'll know by that email header the type of connecting machine. Later down the antispam chain the antispam software can take an action, most likely a silent drop, based on that header.

Thanks.
Dave.

On 7/10/19, Ernie Luzar wrote:
> David Mehler wrote:
>> Hello,
>>
>> Is anyone using p0f in a jail on FreeBSD 12? I'm getting two errors,
>> one about bpf not being available, the other about how the jail is
>> trying to sniff the host's network interface. The tcpdump-type
>> expression is 'tcp dst 1515'
>>
>> Thanks.
>> Dave.
>
> I see you have gotten no replies. This may be due to the lack of any details
> provided by you. You will get better results if you provide details
> about what you're trying to do, what hardware you are using and what
> version of FreeBSD you are running. By default bpf is disabled for
> jails. Have no idea what pof is.
>
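The fingerprint-to-header step described in the message above, as an added example that is not part of the original thread. It assumes p0f v3's `-o` log file format; the header name `X-P0f-OS` is hypothetical, the log lines and addresses are constructed, and port 1515 comes from the filter expression quoted in the thread.

```python
import re

# Constructed sample lines in the style of p0f v3's "-o" log file (assumed format).
SAMPLE_LOG = """\
[2019/07/11 10:25:27] mod=syn|cli=192.0.2.10/49152|srv=198.51.100.5/1515|subj=cli|os=Windows XP|dist=8|params=none|raw_sig=4:120+8:0:1452:65535,0:mss,nop,nop,sok:df,id+:0
[2019/07/11 10:25:27] mod=mtu|cli=192.0.2.10/49152|srv=198.51.100.5/1515|subj=cli|link=DSL|raw_mtu=1492
[2019/07/11 10:25:40] mod=syn|cli=192.0.2.77/40000|srv=198.51.100.5/1515|subj=cli|os=???|dist=12|params=none|raw_sig=4:52+12:0:1460:mss*20,7:mss,sok,ts,nop,ws:df,id+:0
[2019/07/11 10:26:02] mod=syn|cli=192.0.2.44/51000|srv=198.51.100.5/80|subj=cli|os=Linux 3.x|dist=3|params=none|raw_sig=4:61+3:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<fields>.+)$")
HEADER_NAME = "X-P0f-OS"   # hypothetical header name, not defined by p0f or the page
MAIL_PORT = "1515"         # port from the filter expression quoted in the thread


def parse_line(line):
    """Split one log line into a dict of key=value fields, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m.group("fields").split("|") if "=" in p)
    fields["ts"] = m.group("ts")
    return fields


def os_by_client(log_text, port=MAIL_PORT):
    """Map client IP -> OS guess for SYN fingerprints of clients hitting `port`."""
    result = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("mod") != "syn" or f.get("subj") != "cli":
            continue
        if f.get("srv", "").rpartition("/")[2] != port:
            continue
        result[f["cli"].rpartition("/")[0]] = f.get("os", "???")
    return result


def header_for(client_ip, table):
    """Build the header line; strip anything that could fold or inject headers."""
    os_guess = table.get(client_ip, "???")
    safe = re.sub(r"[^A-Za-z0-9 ._/()+-]", "", os_guess)[:64] or "unknown"
    return f"{HEADER_NAME}: {safe}"
```

A downstream filter should treat this header as a hint only, and the receiving MTA should strip any inbound copy of it so a sender cannot pre-set the value.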