On Thu, Sep 24, 2009 at 12:40 PM, Robert Burgess <[email protected]> wrote:
>> As long as the destination IP address of the packets are not of the
>> firewall then you shouldn't need a host-based firewall to drop the
>> packets.
>
> It still has to drop them, though---I think---because I don't want the
> packets forwarded on until I say so.

Assuming you do the forwarding in user space (à la tcpbridge) with libpcap
then it won't be a problem. If you're doing the forwarding in the kernel,
then you've got a big problem since by the time you read the packet via
libpcap, chances are the kernel has already forwarded it on.

>> Also, I forgot to mention that on some platforms, libpcap supports
>> only sniffing packets going a certain direction (in or out the
>> interface). You should use that API when possible as it will improve
>> performance a good deal.
>
> That's pcap_setdirection, yes? Thanks!

yep.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
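
A pre-flight check for the kernel-forwarding caveat in the reply above, as an added example that is not part of the original message: before starting a user-space (libpcap) forwarder, it confirms the kernel will not move packets between the interfaces on its own. It assumes a Linux host (the procfs/sysfs paths are Linux-specific and do not come from the thread); the function names and the `eth0`/`eth1` interface names are hypothetical.

```shell
#!/bin/sh
# Added example: Linux-only pre-flight check for a user-space forwarder.
# Paths below are standard Linux procfs/sysfs locations (an assumption;
# the thread does not name a platform).

# kernel_forward_paths ROOT IFACE...
# Prints one line per setting that could let the kernel pass packets on
# before the libpcap program has decided to release them. ROOT is "/" on
# a live system; another ROOT lets the check run on a constructed tree.
# Conservative: any non-zero forwarding switch is reported.
kernel_forward_paths() {
    root=${1%/}
    shift
    f="$root/proc/sys/net/ipv4/ip_forward"      # global IPv4 switch
    if [ -r "$f" ] && [ "$(cat "$f")" != "0" ]; then
        echo "ipv4 global ip_forward=$(cat "$f")"
    fi
    for ifc in "$@"; do
        for fam in ipv4 ipv6; do
            f="$root/proc/sys/net/$fam/conf/$ifc/forwarding"
            if [ -r "$f" ] && [ "$(cat "$f")" != "0" ]; then
                echo "$fam $ifc forwarding=$(cat "$f")"
            fi
        done
        # A kernel bridge port forwards at layer 2 regardless of the
        # IP forwarding switches above.
        if [ -e "$root/sys/class/net/$ifc/brport" ]; then
            echo "bridge $ifc is a kernel bridge port"
        fi
    done
    return 0
}

# safe_for_userspace_forwarding ROOT IFACE...
# Exit status 0 only when no kernel forwarding path was found.
safe_for_userspace_forwarding() {
    [ -z "$(kernel_forward_paths "$@")" ]
}
```

On a live host this would be called as `safe_for_userspace_forwarding / eth0 eth1` before opening the capture handles; any line printed by `kernel_forward_paths` names a setting to turn off first.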
