For reasons unknown, my mind was wandering down strange paths and came up with the idea of being able to attach a pf-packet socket to any of the packet filtering hooks.
This would potentially allow you to have a program "sniff" packets from any such hook defined in Solaris using a socket API.

Work required? Invent a new ioctl for PF_PACKET.

What does it gain over using straight pf-packet? Well, it provides a socket method, rather than a DLPI method, for sniffing on ipnet devices. By moving the "sniff" point up the stack, the packets that are presented via pf-packet change and become subject to classification rules.

What are the advantages over what we have now... hmmm.... I'm not sure if there are a lot... But it would allow someone to sniff only the packets that are being routed through the system, rather than those entering or leaving it. That's something that I don't think can be done anywhere else.

Thoughts? Useless? Worthwhile?

Darren
_______________________________________________
networking-discuss mailing list
