From owner-freebsd-hackers Tue Aug 13 20:24: 8 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6DC5B37B400 for ; Tue, 13 Aug 2002 20:24:06 -0700 (PDT) Received: from april.chuckr.org (april.chuckr.org [66.92.147.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9ED2F43E3B for ; Tue, 13 Aug 2002 20:24:05 -0700 (PDT) (envelope-from chuckr@chuckr.org) Received: from april.chuckr.org (localhost [127.0.0.1]) by april.chuckr.org (8.12.5/8.12.5) with ESMTP id g7E3NYhH083200; Tue, 13 Aug 2002 23:23:35 -0400 (EDT) (envelope-from chuckr@chuckr.org) Received: from localhost (chuckr@localhost) by april.chuckr.org (8.12.5/8.12.5/Submit) with ESMTP id g7E3NXRu083197; Tue, 13 Aug 2002 23:23:34 -0400 (EDT) X-Authentication-Warning: april.chuckr.org: chuckr owned process doing -bs Date: Tue, 13 Aug 2002 23:23:32 -0400 (EDT) From: Chuck Robey To: Sean Hamilton Cc: Subject: Re: IP monitoring In-Reply-To: <000a01c2433c$b0e96620$f019e8d8@slugabed.org> Message-ID: <20020813231956.J497-100000@april.chuckr.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 13 Aug 2002, Sean Hamilton wrote: > Also, forgot to mention, I will need to look inside TCP streams, and know > which user owns them, and which packets pertain to which TCP stream, which > is why I was thinking a module would be more suitable. If I did this in user > space, I'd have to reconstruct the streams myself (but as I understand, that > isn't amazingly difficult.) If you do it in user space it's a lot easier to debug. It can be done, of course, in both places, but general IO is easy in userspace too (for user interaction, if you need it). You can also make such a thing portable in user space, which is hard to do in the kernel. The downside is, there's copies of the data to consider (more work to be done means less time to do it in), so you might have too much traffic under some conditions, depending on what you're doing. ---------------------------------------------------------------------------- Chuck Robey | Interests include C & Java programming, FreeBSD, chuckr@chuckr.org | electronics, communications, and signal processing. New Year's Resolution: I will not sphroxify gullible people into looking up fictitious words in the dictionary. ---------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message