Re: pf for packet data?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf for packet data?
- From: gabe f <gabe_1_(_at_)_mac_(_dot_)_com>
- Date: Tue, 15 Jul 2003 14:54:06 -0400
Okay, thanks for the chroot lesson, but I am a little hazy on the line between kernel and user in the case of pf passing a packet buffer to a bpf/pcap program, like Ted Unangst suggested (if I understood his post, which I'm still not too sure about, still waiting for a reply).

To me, that seems ideal in terms of flexibility and non-invasiveness in the pf code, and I can think of one way in which the bpf/pcap process would only give a return code, and never see the real packet buffer, though that would really slow things down - making a copy of every packet for the userland filter to see. Uh, am I on the right track?

gabe
On Tuesday, July 15, 2003, at 06:05 AM, Henning Brauer wrote:
> On Mon, Jul 14, 2003 at 11:08:43PM -0400, gabe f wrote:
>> how about on a bridging firewall?
> you still want a userland proxy.
> please think about it for a minute. you really do not want to handle
> upper layer protocols like ftp in the kernel. every problem in this
> rather complex area leads to a disaster. in userland, the proxy runs
> nicely chroot'd and without much privileges...
______________________________________________________________________
Ode On A Sugar Sweet LAN
I love my 'pooters, and my 'pooters love me.
We're just a big digital family.
Me and my 'pooters, we get along fine.
I'm super tickled, my 'pooters are mine.
______________________________________________________________________