From: Laurent Fabre
Date: Thu, 27 Sep 2001 17:05:04 +0200
To: Brett Glass
Cc: Will Andrews, FreeBSD Security
Subject: Re: LaBrea for BSD?

Brett Glass wrote:

> At 08:18 AM 9/26/2001, Laurent Fabre wrote:
>
>> I'm writing a new version of it because I think this little
>> piece of code is a good idea but it also lacks features.
>> I want to be able to emulate stack behaviors on an OS basis
>> and try to speed up the capturing process a bit.
>
> What API are you using to get to the interface? I would think
> that divert sockets would be best because they can selectively
> route packets of interest out to userland for processing.
>
> --Brett

I thought about it, yup, but.... The fact is I need to capture something lower than IP, just because we need to monitor ARP requests in order to acquire new IP addresses. So all we've got to do this, as far as I know, is BPF....

Maybe we could use netgraph :) I wonder... never tried this stream thingie, but it sounds nice. By the way, if anyone has an idea, please do tell me :)

-- 
#--------------------------------------------#
# Laurent Fabre                              #
# fabre@matranet.com                         #   /\  ASCII ribbon
# EADS, Matranet Product Group               #   \/  campaign
#                                            #   /\  against
# "foreach if-diff,                          #  /  \ HTML email
#  you need to re-make world...."            #
#--------------------------------------------#

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
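
The reply turns on ARP being carried directly in an Ethernet frame, below IP, so an IP-level hook such as a divert socket never sees it while a link-layer tap such as BPF does. As an added example (not code from this thread or from LaBrea), this shows how a captured link-layer frame could be checked for an ARP request and the requested address pulled out; the function name, struct and sample frame are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ARP_LEN        28       /* ARP body for Ethernet + IPv4 */
#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_ARP  0x0806
#define ARP_OP_REQUEST 1

struct arp_request {            /* hypothetical result type for this example */
    uint8_t sender_mac[6];
    uint8_t sender_ip[4];
    uint8_t target_ip[4];       /* the address being asked for */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 and fills *out for an Ethernet/IPv4 ARP request, otherwise 0. */
int parse_arp_request(const uint8_t *f, size_t len, struct arp_request *out)
{
    const uint8_t *arp;

    if (len < ETH_HDR_LEN + ARP_LEN) return 0;         /* truncated capture */
    if (be16(f + 12) != ETHERTYPE_ARP) return 0;       /* IP etc.: not ours */
    arp = f + ETH_HDR_LEN;
    if (be16(arp) != 1 || be16(arp + 2) != ETHERTYPE_IP) return 0;
    if (arp[4] != 6 || arp[5] != 4) return 0;          /* MAC/IPv4 lengths */
    if (be16(arp + 6) != ARP_OP_REQUEST) return 0;     /* skip replies */
    memcpy(out->sender_mac, arp + 8, 6);
    memcpy(out->sender_ip, arp + 14, 4);
    memcpy(out->target_ip, arp + 24, 4);
    return 1;
}

/* Constructed sample frame: who-has 192.0.2.77 tell 192.0.2.1 */
static const uint8_t sample_frame[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06, /* Ethernet */
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,          /* htype ptype hlen plen op */
    0x02,0,0,0,0,0x01, 192,0,2,1,                   /* sender MAC, sender IP */
    0,0,0,0,0,0, 192,0,2,77                         /* target MAC, target IP */
};

int main(void)
{
    struct arp_request r;
    if (parse_arp_request(sample_frame, sizeof sample_frame, &r))
        printf("who-has %u.%u.%u.%u\n", r.target_ip[0], r.target_ip[1],
               r.target_ip[2], r.target_ip[3]);
    return 0;
}
```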