From: Michael Sierchio
Date: Thu, 11 Jul 2019 07:50:42 -0700
Subject: Re: p0f, bpf, and jail
To: freebsd-questions

p0f, tcpdump, etc. will not normally work in a jail – this is by design. The packet filter device is hidden, and not normally presented in the DEVFS. There are discussions in the Forums on how to do this. "bpf not available in freebsd jail" is a useful Google search term.

On Thu, Jul 11, 2019 at 7:28 AM David Mehler wrote:

> Hello,
>
> I'm using FreeBSD 12 on amd64 hardware. p0f is passive os
> fingerprinting, what I'm wanting to do is determine by passively
> analyzing a connecting machine's tcp stack what kind of machine it is,
> and based on that result add in an email header to the message. So,
> for example if someone connects to my system by means of an xp laptop
> and tries to send email, I'll know by that email header the type of
> connecting machine. Later down the antispam chain the antispam
> software can take an action most likely a silent drop, based on that
> header.
>
> Thanks.
> Dave.
>
>
> On 7/10/19, Ernie Luzar wrote:
> > David Mehler wrote:
> >> Hello,
> >>
> >> Is anyone using p0f in a jail on FreeBSD 12? I'm getting two errors
> >> one about bpf not being available, the other about how the jail is
> >> trying to sniff the host's network interface. The tcpdump-type
> >> expression is 'tcp dst 1515'
> >>
> >> Thanks.
> >> Dave.
> >> _______________________________________________
> >> freebsd-questions@freebsd.org mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to
> >> "freebsd-questions-unsubscribe@freebsd.org"
> >>
> >
> > I see you have gotten no replies. This may be due to the lack of any
> > details provided by you. You will get better results if you provide details
> > about what you're trying to do, what hardware you are using and what
> > version of FreeBSD you are running. By default bpf is disabled for
> > jails. Have no idea what pof is.
> >

-- 
"Well," Brahmā said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred." - The Mahābhārata
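
The hiding described in this thread is done by devfs rulesets, and a jail selects one by number through `devfs_ruleset` in jail.conf. As an added example that is not part of the original messages, the script below lists the rulesets in a devfs.rules file that unhide bpf, so jails that have been granted packet capture can be found; the ruleset names and numbers in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: find devfs rulesets that expose bpf.
# The sample is constructed; on a FreeBSD host read /etc/devfs.rules instead.

sample_devfs_rules() {
cat <<'EOF'
# Jail ruleset that keeps bpf hidden (hypothetical name and number).
[devfsrules_jail_plain=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

# Jail ruleset for a sniffer such as p0f or tcpdump (hypothetical).
[devfsrules_jail_bpf=11]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
EOF
}

# Read devfs.rules text on stdin and print "name number" for each ruleset
# that contains a rule unhiding a bpf path (or the catch-all '*').
# Rules pulled in through "add include" are not followed.
bpf_rulesets() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        /^\[.+=[0-9]+\]/ {                       # section header: [name=number]
            hdr = $1
            sub(/^\[/, "", hdr); sub(/\].*$/, "", hdr)
            split(hdr, kv, "=")
            name = kv[1]; num = kv[2]; seen = 0
            next
        }
        $1 == "add" && name != "" && !seen {
            pat = ""; unhide = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "path" && i < NF) pat = $(i + 1)
                if ($i == "unhide") unhide = 1
            }
            gsub("\047", "", pat)                # drop quotes around the glob
            if (unhide && (pat ~ /^bpf/ || pat == "*")) { print name, num; seen = 1 }
        }
    '
}

sample_devfs_rules | bpf_rulesets
```

On a FreeBSD host, run `bpf_rulesets < /etc/devfs.rules` and compare the numbers it prints with the `devfs_ruleset` values in jail.conf.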