Subject: Re: divert socket?
To: Hubert Feyrer <>
From: Darren Reed <>
List: tech-kern
Date: 10/24/2001 22:05:56
In some email I received from Hubert Feyrer, sie wrote:
> On Wed, 24 Oct 2001, luke wrote:
> >     Does NetBSD has mechanism similar to divert socket in FreeBSD or
> > iptables QUEUE target in Linux?
> > I want to convey some packets from kernel to user space applicatoin which is
> > an intrusion detection system(IDS).
> > If IDS finds malicious packets, it will drop them, otherwise, it will pass
> > them to kernel again.
> I don't know about divert sockets, but I see two alternatives:
> 1) the standard bpf interface  as used e.g. by IDS systems like
>    snort (it's in pkgsrc)

divert isn't as lossy as bpf is.

> 2) the tun(4) tunnel device

how would you do that?