In Linux, Snort-Inline gets its packets from IPTables via libipq/ip_queue. How would a port of snort_inline get its packets from pf to userland and return them?
I know that in FreeBSD you could do it with a divert socket. But I don't know of anything like it in OpenBSD.
What would be the best way? tun, rdr?


Alexey E. Suslikov wrote:

SPADE

Spade stands for the Statistical Packet Anomaly Detection Engine.
It is a Snort preprocessor plugin which sends alerts of anomalous
packets through standard Snort reporting mechanisms.

http://www.silicondefense.com/software/spice/index.htm







