Dear Sirs,

I need to capture packets from some subset of interfaces (on a given Linux host), then:

- log all the packets in the pcap format, which is the easy part
- match the packets against a dynamically changing configuration and generate alarms on mismatch

My software is notified about the current configuration by a userspace application, probably using dbus, if it matters. So, the software should probably be a userspace application itself.

I have read about possible approaches to achieve this; there are quite many: libpcap, PF_RING, netfilter/iptables probably with ulogd2. I just think that modifying iptables rules according to config changes would be quite complex (as opposed to checking if a packet complies with the config or not).

As I am not an experienced networking Linux developer, I would like to ask what would be the best approach from the point of view of:

1. Performance
2. Ease of implementation (the less/easier code, the better)

in that order?

Thank you,
Marek