msantos
commented
6 years ago Is this a hardware bridge or a virtual bridge like openvswitch? Usually it is possible to sniff the bridge interfaces directly similar to tcpdump: tcpdump -i br0 ...
Closed boozelclark closed 6 years ago
msantos
commented
6 years ago Is this a hardware bridge or a virtual bridge like openvswitch? Usually it is possible to sniff the bridge interfaces directly similar to tcpdump: tcpdump -i br0 ...
boozelclark
commented
6 years ago It would be a software bridge using the OS. I would like to try and create a firewall using erlang pattern matching which would involve not just reading the traffic but also deciding to accept/drop/reject it. The more i think about it the only way i see this working is to write an erlang port for netfilter_queue.
msantos
commented
6 years ago Ok. pcap is intended more for packet capture and injection although it would be possible to make an out of band "firewall" with it that, for example, watches traffic and resets connections.
An interface to netfilter should work fine. Another approach is to use tuntap devices.
Here is an example of a firewall using a tap device: https://github.com/msantos/sut/blob/master/src/sut_fw.erl
And a simple example of a making switch: https://gist.github.com/msantos/7231332
boozelclark
commented
6 years ago Thanks very much!
Is there any way to use epcap "inline" where it can capture traffic transparently on a bridge? Or would i need to create a separate interface to NF_QUEUE?
Thanks,