On Thu, Sep 11, 2003 at 11:32:28PM +1000, Damien Miller wrote:
> On Thu, 2003-09-11 at 23:00, Daniel Hartmeier wrote:
>
> It would be cool if pf (some time in the future) had some way of passing
> packets off to a userspace inspection process before they were put
> out on the wire or delivered locally. The inspection process could
> interrogate the packets and tell pf if they were OK. After the userspace
> process was no longer interested in the connection, it could
> disassociate from it and exit. In a perfect world, the inspection
> process would have the ability to modify these packets too (since I am
> in wishlist mode, why stop? :) )
>
> IIRC Linux netfilter has something like this with its "queue packet for
> userspace" functionality.
Also FreeBSD divert sockets, I think. The problem with this approach is that you lose the stream, and have to inspect individual packets and do stream assembly in userland, or risk trivial attacks related to small or non-aligned packets (whisker had an option to send such streams, IIRC). I have been dreaming of passing assembled streams through the userland. I have not yet come up with a suitable design though.

Can
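
A small illustration of the point in the message above, added here and not part of the thread: a signature that spans segment boundaries is missed when each packet is inspected on its own, but found once the segments are reassembled in sequence order in userland. The `Segment` type, the function names and the sample request are constructed for this example.

```python
# Added example (not from the thread): per-packet matching vs. matching on
# the reassembled TCP stream. Segment, reassemble() and the sample data are
# hypothetical; the payload bytes below are constructed for the demo.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes


def inspect_per_packet(segments, signature):
    """Inspect each packet in isolation, as a divert/queue consumer would."""
    return any(signature in s.payload for s in segments)


def reassemble(segments, isn):
    """Rebuild the byte stream from isn upward. Out-of-order segments wait
    until the gap before them is filled; overlapping retransmissions only
    contribute bytes not already seen. Returns (stream, complete)."""
    stream = bytearray()
    next_seq = isn
    pending = sorted(segments, key=lambda s: s.seq)
    progressed = True
    while pending and progressed:
        progressed = False
        for s in list(pending):
            end = s.seq + len(s.payload)
            if s.seq <= next_seq < end:      # supplies the bytes we need next
                stream += s.payload[next_seq - s.seq:]
                next_seq = end
                pending.remove(s)
                progressed = True
            elif end <= next_seq:            # pure retransmission, nothing new
                pending.remove(s)
                progressed = True
    return bytes(stream), not pending        # leftover segments mean a gap


def inspect_stream(segments, isn, signature):
    """Match on the reassembled stream; an incomplete stream is reported too."""
    stream, complete = reassemble(segments, isn)
    return signature in stream, complete


# Constructed sample: the request is split so no single segment holds the
# whole signature, segments arrive out of order, and one overlaps another.
ISN = 1000
SIGNATURE = b"/cgi-bin/"
SEGMENTS = [
    Segment(1010, b"in/test.cgi HTTP/1.0\r\n\r\n"),
    Segment(1000, b"GET /cgi"),
    Segment(1006, b"gi-b"),      # overlaps the tail of the previous segment
    Segment(1008, b"-b"),        # fully covered retransmission
]
```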
