Dissecting OpenBSD's divert(4) (lteo.net)
69 points by fcambus on Jan 6, 2015 | 3 comments

Check pf-diverters [1]. We are using them in our OpenBSD firewalls in order to block unwanted connections.

[1] https://github.com/echothrust/pf-diverters

There is a similar feature in Linux which I've used a number of times over the years to simulate various network problems, and to modify packets flowing through my router in interesting ways.

You can select packets to be sent to userspace with the "-j QUEUE" iptables target handler, and then read those packets using libnetfilter.

Cool, I run a pf firewall but this was news to me.

Anyone have any idea of the performance overhead? (Not that it really matters for me, just curious)
