From owner-freebsd-current@FreeBSD.ORG Sat Apr 17 01:36:15 2004
From: Gleb Smirnoff
To: Mark Nipper
Cc: Julian Elischer, current@freebsd.org
Date: Sat, 17 Apr 2004 12:36:06 +0400
Subject: Re: RFC: ported NetBSD if_bridge
Message-ID: <20040417083606.GE46266@cell.sick.ru>
In-Reply-To: <20040417081741.GA87909@ops.tamu.edu>
References: <20040417074543.GB77469@ops.tamu.edu> <20040417081741.GA87909@ops.tamu.edu>
User-Agent: Mutt/1.5.6i
List-Id: Discussions about the use of FreeBSD-current

On Sat, Apr 17, 2004 at 03:17:42AM -0500, Mark Nipper wrote:
M> Which, incidentally, was why I chose OpenBSD over FreeBSD
M> for the Snort box/firewall I was working on. The bridge
M> manipulations made perfect sense the first time I looked at them
M> and PF did everything it could normally do (including the
M> redirects to localhost), even over a bridged interface. I even
M> ended up in a debate with a die-hard FreeBSD'er who was mumbling
M> about whipping up some code to provide similar functionality with
M> ng. And I was like great, then go code it! I'll just start
M> implementing this other solution now which already works and
M> required no coding on my part, which, admittedly, is not my strong
M> suit. Needless to say, I was finished first.

You can play with ng_etf/ng_tee/ng_socket/ng_ksocket to inject traffic from the bridge into userland towards snort. Just sit for some time thinking of netgraph nodes and you'll find a solution.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE