Date: Fri, 1 Sep 2000 09:09:21 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: Bill Fumerola <billf@chimesnet.com> Cc: Scott Blachowicz <scott@sabmail.rresearch.com>, Daryl Chance <dchance@valuedata.net>, FreeBSD IPFW <freebsd-ipfw@FreeBSD.ORG> Subject: Re: ipfw add exec(blah).... Message-ID: <Pine.NEB.3.96L.1000901090632.38524B-100000@fledge.watson.org> In-Reply-To: <20000828191926.O33771@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Aug 2000, Bill Fumerola wrote: > On Mon, Aug 28, 2000 at 04:13:44PM -0700, Scott Blachowicz wrote: > > > Well...ipfw can log to syslog and syslogd can run a command on receipt > > of messages - check 'man syslog.conf' for details. I'd guess that > > since the capability is already there in that form, it shouldn't be > > necessary to stick it in ipfw "itself". > > Yes. Matt Ayres and I discussed this today and we pretty much both agreed > that this would be the work of an external daemon monitoring the packet > count or looking for specific syslog type things. > > The logisitics of trying to make ipfw run a program isn't something I'd > like to think about either. Another possibility, if you don't mind overhead, is to have a daemon listening on an IPDIVERT of the relevant packets, and the daemon can perform whatever action is necessary. You're already going to have a transition to userland or even a userland context switch by virtue of the desire to exec, and managing it this way would provide access to the packet for the purposes of more complex decision making, as well as immediate notification as opposed to polling of counters or log entries. And depending on the requirements, the daemon could exec something, or perform the action directly itself, and optionally reinsert the packet for IP stack processing. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000901090632.38524B-100000>