> On Sep 20, 2014, at 5:23 PM, [email protected] wrote: > > Hi Mike > >> On Sat, Sep 20, 2014, at 02:03 PM, Michael Rash wrote: >> Good question. While there isn't a specific config var to express this, you >> could likely accomplish what you want by either adding an IP alias like >> eth0:0 tied to the IP where you want fwknopd to sniff and then use PCAP_INTF >> for this interface. Or you could add a PCAP_FILTER statement like "ip <your >> preferred ip>". > > Between those two the PCAP_FILTER approach seems like it's in user-land and > higher-overhead. True? >
Agreed, yes. It would be best to intercept packets using calls that are as close to the metal as possible, so using an IP alias would be better. > If I add the PCAP_FILTER, the syntax is all one line, right? E.g. > > - PCAP_FILTER udp port 62201; > + PCAP_FILTER udp port 62201 ip <your preferred ip>; > > ? Yes, that should do it. Not at a system right now - you might need "host" instead of "ip" (don't remember off the top of my head). > >> I'll add something in for the next release to support your use case more >> naturally. Perhaps a new REQUIRE_DST var in access.conf. > > That'll be great, thanks! > > Just thinking out loud, since PCAP_INTFC is specified in fwknopd.conf, would > it make more sense to put it there, instead of access.conf? Something like > PCAP_IPADDR? > > Or extending PCAP_INTFC's spec to a comma-separated list, e.g. (in an absurd > case), > > PCAP_INTFC eth0:1.1.1.1,1.1.1.4;eth1:2.2.2.0/29; > If it is a libpcap function that makes this possible, yes. I suspect this isn't actually directly supported by libpcap though. Both approaches at the same time would be a good idea since different access stanzas might want different destination IP requirements. Thanks, Mike > ? > > Thanks > > Terry ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
