Subject: Re: divert socket?
To: Hubert Feyrer <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 10/24/2001 22:05:56
In some email I received from Hubert Feyrer, sie wrote:
> On Wed, 24 Oct 2001, luke wrote:
> > Does NetBSD has mechanism similar to divert socket in FreeBSD or
> > iptables QUEUE target in Linux?
> > I want to convey some packets from kernel to user space applicatoin which is
> > an intrusion detection system(IDS).
> > If IDS finds malicious packets, it will drop them, otherwise, it will pass
> > them to kernel again.
> I don't know about divert sockets, but I see two alternatives:
> 1) the standard bpf interface as used e.g. by IDS systems like
> snort (it's in pkgsrc)
divert isn't as lossy as bpf is.
> 2) the tun(4) tunnel device
how would you do that?