On Thu, Sep 12, 2013 at 2:50 AM, Henning Brauer <[email protected]>wrote:
> * sven falempin <[email protected]> [2013-09-11 22:30]: > > At his point <<struct pf_state **sm>> is available. > > Lets assume pf_state got a "struct pf_osfp_enlist l_osfp" > > To get back the info from userland, doing > > > > Would a diff like this hurts ?????? > > everything that grows the state hurts (last not least hurts > performance), so it has to be truly worth it. > I don't see that in this case. > > What about a separate system then ? Like logging the fp and the source IP from pf_osfp_fingerprint_hdr ? Or do someone have something else in mind to reach the goal ?
