Re: NetBSD packet filter

To: tech-net%netbsd.org@localhost
Subject: Re: NetBSD packet filter
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Wed, 9 Oct 2024 12:24:53 -0000 (UTC)

scole%sdf.org@localhost (S Cole) writes:

>I don't know how feasible these would be with npf, but mac-address
>filtering

npf is created as an IP filter and can only intercept IP packets,
so it has no idea about MAC addresses or other protocols.

>and user/uid (login id) or group/gid filtering would be nice
>to have.

That would be rather simple, by tagging packets on the socket
layer and making npf aware of the tags. I'm not sure how costly
that would be though.

References:
- NetBSD packet filter
  - From: Emmanuel Nyarko
- Re: NetBSD packet filter
  - From: S Cole

Prev by Date: Re: NetBSD packet filter
Next by Date: Re: That's how (why) BSD is dying (Was: BPF64)
Previous by Thread: Re: NetBSD packet filter
Next by Thread: Re: NetBSD packet filter
Indexes:

Home | Main Index | Thread Index | Old Index