On Mon, Nov 24, 2003 at 10:51:22PM +0100, Kifah Abbad wrote: > How about if i use IP-V6? would that give me more space? comparible to > space i have using pf-tagging? (in comparison to the 4 bits given by > TOS)
IP (or TCP) options would have enough space. If you need to do it in userland, a raw socket as sender and bpf as receiver should work. As was already suggested, you can use 'block log' in pf to get specific traffic dropped and sent to /dev/pflog, where a bpf listener can pick it up, add the options and forward it through the raw socket. The existing pf tagging will be of little or no use in this case, if you want to do it in kernel. Adding an mbuf tag (which is not transmitted) and adding information to a packet is not the same thing. Daniel
