Date: Wed, 11 Mar 2015 18:50:28 +0100 From: Luigi Rizzo <rizzo@iet.unipi.it> To: =?UTF-8?B?SWdvciAnTG8nICjQmC5MLik=?= <bombsiteunrested@gmail.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Netmap/divert socket capture: getting ipfw state? [porting from Linux, need NFLOG/NFQUEUE/ct functionality] Message-ID: <CA%2BhQ2%2Bix0yQ4LwnjUL4eS89h9UeENdiY82mEqGyN8pGwi7CtYQ@mail.gmail.com> In-Reply-To: <CAMZz3NMYzWUnB8JoaRATKunoo2gpdgKE-fbG9cRgjQRmHcwa9Q@mail.gmail.com> References: <CAMZz3NMYzWUnB8JoaRATKunoo2gpdgKE-fbG9cRgjQRmHcwa9Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 11, 2015 at 4:27 PM, Igor 'Lo' (=D0=98.L.) <bombsiteunrested@gmail.com> wrote: > Hello, > > I currently plan to port one of my projects to FreeBSD from Linux, > now it requires an intrusive way of packet capture (to avoid drops) > and relies on a connection state tracking information from outside > (e.g. Linux's conntrack)). > > So I need a way to capture some traffic based on predetermined ipfw(?) > rules, then get the packets to userspace together with connection > tracking state data from firewall. > > What are my options on FreeBSD? code.google.com/p/netmap-ipfw/ is a userspace port of ipfw that runs on top of netmap (works on FreeBSD and Linux) which gives you a fast way to capture the data and pass them to the next stage of processing e.g. through a netmap pipe. cheers luigi > > (Also, I'm fine with going down to kernel and communicating with my > own userspace app with other means, as long as I don't have to add own > connection tracker, but I'll prefer a pure userspace solution if > possible). > > -- > cheers, > Igor > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --=20 -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+-------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BhQ2%2Bix0yQ4LwnjUL4eS89h9UeENdiY82mEqGyN8pGwi7CtYQ>