Date: Wed, 24 Nov 1999 17:31:30 -0500
From: "Louis A. Mamakos" <louie@TransSys.COM>
To: "Rodney W. Grimes" <rgrimes@gndrsh.dnsmgr.net>
Cc: ahl@austclear.com.au (Tony Landells), ipfw@freebsd.org, arch@freebsd.org
Subject: Re: new IPFW
Message-ID: <199911242231.RAA21036@whizzo.transsys.com>
In-Reply-To: Your message of "Wed, 24 Nov 1999 14:08:47 PST." <199911242208.OAA46490@gndrsh.dnsmgr.net>
References: <199911242208.OAA46490@gndrsh.dnsmgr.net>
> > [ using BPF for ipfw ]
> >
> > One concern I would have with that is that there are a lot of tools
> > built on BPF that I would prefer to not be able to run on the firewall.
> >
> > Well, to be more accurate, I'd love to be able to run them on the
> > firewall, but I don't want attackers to have access to them, and
> > the safest option is to not even have support in the kernel for them
> > (I can always plug in a separate sniffer if I really need it).
>
> Non-issue. The fcode engine is in net/bpf_filter.c; the bpf tapping
> routines that actually get packets to/from the cards are in net/bpf.c.
>
> I didn't mean to imply that the filtering should be done using the /dev/bpf
> interface, just that the engine code for filtering could be reused.

I've actually used the BPF engine for just such an application. It was on
another platform (NeXTSTEP), and it was sorta a netgraph-like system, but all
in user space. I used a BPF-based engine for such things as "firewall" type
filtering, as well as classifying traffic for dial-on-demand and idle-timeout
reset. It worked quite well.

The one extension which would be valuable is more an extension of the BPF
expression compiler rather than the engine itself; it would be valuable to be
able to return a value from the BPF-engine program so that it could be acted
on. The engine itself has this capability, but the existing tcpdump-intended
expression compiler doesn't currently have syntax to support it.

louie
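As an added illustration of the point above about the engine being able to hand back an arbitrary value (this is example code, not from this thread or from FreeBSD's net/bpf_filter.c): a toy interpreter for a three-opcode subset of classic BPF runs a hand-assembled program that returns one of several verdict codes based on the IPv4 protocol field, rather than tcpdump's accept/reject. The opcode encodings mirror net/bpf.h; the macro names, classify_proto and the CLASS_* values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Three classic BPF opcodes; the numeric encoding matches net/bpf.h
 * (BPF_LD|BPF_B|BPF_ABS, BPF_JMP|BPF_JEQ|BPF_K, BPF_RET|BPF_K). */
#define BPF_LD_B_ABS 0x30   /* A = pkt[k] */
#define BPF_JEQ_K    0x15   /* if (A == k) pc += jt else pc += jf */
#define BPF_RET_K    0x06   /* return k */

struct bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Minimal fcode interpreter: returns the RET operand, or 0 when a load would
 * run past the end of the packet or an opcode is not supported. */
uint32_t bpf_run(const struct bpf_insn *prog, size_t len,
                 const uint8_t *pkt, size_t plen)
{
    uint32_t A = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct bpf_insn *i = &prog[pc];
        switch (i->code) {
        case BPF_LD_B_ABS:                    /* bounds-checked, as the kernel does */
            if (i->k >= plen) return 0;
            A = pkt[i->k]; break;
        case BPF_JEQ_K:                       /* jump offsets are relative to pc + 1 */
            pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_RET_K: return i->k;
        default:        return 0;             /* unsupported opcode */
        }
    }
    return 0;
}

/* Hypothetical verdict codes a caller could act on (not ipfw's own). */
enum { CLASS_DROP = 0, CLASS_TCP = 1, CLASS_UDP = 2, CLASS_ICMP = 3 };

/* Constructed program over a raw IPv4 header: load ip_p (offset 9), then
 * branch to one of several RET values instead of a single accept/reject. */
static const struct bpf_insn classify_prog[] = {
    { BPF_LD_B_ABS, 0, 0, 9  },          /* 0: A = protocol   */
    { BPF_JEQ_K,    3, 0, 6  },          /* 1: TCP  -> insn 5 */
    { BPF_JEQ_K,    3, 0, 17 },          /* 2: UDP  -> insn 6 */
    { BPF_JEQ_K,    3, 0, 1  },          /* 3: ICMP -> insn 7 */
    { BPF_RET_K,    0, 0, CLASS_DROP },  /* 4: anything else  */
    { BPF_RET_K,    0, 0, CLASS_TCP  },  /* 5 */
    { BPF_RET_K,    0, 0, CLASS_UDP  },  /* 6 */
    { BPF_RET_K,    0, 0, CLASS_ICMP },  /* 7 */
};

/* Classify a constructed 20-byte IPv4 header carrying `proto`; a `plen`
 * shorter than the header shows the engine's bounds check refusing the load. */
uint32_t classify_proto(uint8_t proto, size_t plen)
{
    uint8_t pkt[20] = { 0x45 };  /* version 4, IHL 5; remaining fields zero */
    pkt[9] = proto;
    return bpf_run(classify_prog, sizeof classify_prog / sizeof classify_prog[0],
                   pkt, plen > sizeof pkt ? sizeof pkt : plen);
}
```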