On Mon, Mar 01, 2004 at 11:21:55PM +0100, Julien Bordet wrote:
> As I said, there may be a userland solution. Some kind of global
> userspace "advisor" daemon, helping the packet filter to make
> complicated decisions, for example.
Having a userland program doing blocking operations on kernel packet flow is not feasible. The way to do this is by completely passing the packets to the userland process, and having the userland process re-inject the packets. No real API change would be needed to do something like this. Configure PF to block and log the packets that you're interested in, and have a userland process that watches pflog and uses BPF to send out the packets that you actually want passed.
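The PF half of the setup described in that reply, written out as an added example (this is not from the original message, and the interface name, the port and the default policy are assumptions chosen for illustration):

```pf
# Added example, not from the original message. The interface name, the
# port and the default policy are assumptions; adjust them to the host.
ext_if = "fxp0"

# Default policy: pass with state, so that only the traffic handed to the
# userland advisor is affected by what follows.
pass in on $ext_if all keep state
pass out on $ext_if all keep state

# Traffic the advisor should decide on: PF drops it, and a copy of every
# matching packet is written to the pflog interface (pflog0). PF uses
# last-matching-rule semantics, so this rule wins over the passes above.
block in log on $ext_if inet proto tcp from any to any port 80
```

Once this is loaded with pfctl and pflog0 is up, `tcpdump -n -e -ttt -i pflog0` shows each dropped packet with the PF log header (rule number, action, direction) in front of it, and that is the same data the advisor daemon consumes: it opens a /dev/bpf* device, binds it to pflog0 with the BIOCSETIF ioctl, and every record it reads is a bpf_hdr, then a struct pfloghdr from <net/if_pflog.h>, then the packet itself. Two practical points for the re-injection side: pflog records start at the network layer, while a write(2) to a bpf descriptor bound to an Ethernet interface expects a complete frame, so the advisor has to build the link-layer header itself; and such a write transmits the frame on that interface, so the advisor is re-sending packets onto the wire rather than handing them back to the local IP stack.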