Subject: Re: divert socket?
To: luke <email@example.com>
From: Andrew Gillham <firstname.lastname@example.org>
Date: 10/24/2001 10:15:49
On Wed, Oct 24, 2001 at 07:38:00PM +0800, luke wrote:
> Hi all,
> Does NetBSD has mechanism similar to divert socket in FreeBSD or
> iptables QUEUE target in Linux?
> I want to convey some packets from kernel to user space applicatoin which is
> an intrusion detection system(IDS).
> If IDS finds malicious packets, it will drop them, otherwise, it will pass
> them to kernel again.
I doubt it is what you want, but Squid (http proxy) supports running in
transparent mode with IP-Filter. Packets are redirected by ipf to squid
and it grovels the NAT tables for details on the flow. You might be able
to use a similar mechanism.