Subject: Re: divert socket?
To: luke <luke@cis.nctu.edu.tw>
From: Andrew Gillham <gillham@vaultron.com>
List: tech-kern
Date: 10/24/2001 10:15:49
On Wed, Oct 24, 2001 at 07:38:00PM +0800, luke wrote:
> Hi all,
>     Does NetBSD have a mechanism similar to divert socket in FreeBSD or
> iptables QUEUE target in Linux?
> I want to convey some packets from kernel to user space application which is
> an intrusion detection system (IDS).
> If IDS finds malicious packets, it will drop them, otherwise, it will pass
> them to kernel again.

I doubt it is what you want, but Squid (http proxy) supports running in
transparent mode with IP-Filter.  Packets are redirected by ipf to squid
and it grovels the NAT tables for details on the flow.  You might be able
to use a similar mechanism.

-Andrew