From: Igor 'Lo' (И.L.)
Date: Wed, 11 Mar 2015 16:27:16 +0100
Subject: Netmap/divert socket capture: getting ipfw state? [porting from Linux, need NFLOG/NFQUEUE/ct functionality]
To: freebsd-net@freebsd.org

Hello,

I currently plan to port one of my projects to FreeBSD from Linux; now it requires an intrusive way of packet capture (to avoid drops) and relies on connection state tracking information from outside (e.g. Linux's conntrack).

So I need a way to capture some traffic based on predetermined ipfw(?) rules, then get the packets to userspace together with connection tracking state data from the firewall.

What are my options on FreeBSD?

(Also, I'm fine with going down to the kernel and communicating with my own userspace app by other means, as long as I don't have to add my own connection tracker, but I'd prefer a pure userspace solution if possible.)

--
cheers,
Igor