userland packet filtering



I was curious if anyone had any opinions on what would be the most
efficient and/or straightforward methods for implementing a userland
packet filter with OpenBSD, namely pulling packets out of the kernel
and putting them back in.  Specifically, it would be nice to have a
pseudodevice that can be configured to steal packets from any
interface, then reinject them locally or into the routing code.

There's always bpf and tun, but I'm not sure they would be ideal in 
the long run.  If anyone can explain otherwise, please do.  

I think the development of userland firewall code would spur interest
in developing more sophisticated features.  If efficiency truly became
an issue, then time could be spent to port the code back into the 
kernel.


-- 
Brandin Claar
Network Analyst 
Penn State Applied Research Lab