From: Luigi Rizzo
To: Igor 'Lo' (И.L.)
Cc: "freebsd-net@freebsd.org"
Date: Wed, 11 Mar 2015 18:50:28 +0100
Subject: Re: Netmap/divert socket capture: getting ipfw state? [porting from Linux, need NFLOG/NFQUEUE/ct functionality]
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Mar 11, 2015 at 4:27 PM, Igor 'Lo' (И.L.) wrote:

> Hello,
>
> I currently plan to port one of my projects to FreeBSD from Linux,
> now it requires an intrusive way of packet capture (to avoid drops)
> and relies on connection state tracking information from outside
> (e.g. Linux's conntrack).
>
> So I need a way to capture some traffic based on predetermined ipfw(?)
> rules, then get the packets to userspace together with connection
> tracking state data from the firewall.
>
> What are my options on FreeBSD?

code.google.com/p/netmap-ipfw/

is a userspace port of ipfw that runs on top of netmap
(works on FreeBSD and Linux) which gives you a fast way
to capture the data and pass them to the next stage
of processing e.g. through a netmap pipe.

cheers
luigi

>
> (Also, I'm fine with going down to the kernel and communicating with my
> own userspace app by other means, as long as I don't have to add my own
> connection tracker, but I'd prefer a pure userspace solution if
> possible).
>
> --
> cheers,
> Igor

-- 
-----------------------------------------+-------------------------------
 Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
 http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
 TEL      +39-050-2211611               . via Diotisalvi 2
 Mobile   +39-338-6809875               . 56122 PISA (Italy)
-----------------------------------------+-------------------------------