ulog (iptables) version of net-analyzer/fprobe ... it's supposedly more efficient but the main reason for using this instead of fprobe would be because you can place it _after_ DNAT, but before SNAT. With fprobe you're sniffing either before DNAT, or after SNAT. In some situations this is undesirable (specifically if I want to see how traffic flowed over my box instead of into ot out of). pcap can't make this distinction.
Created attachment 99190 [details] fprobe-ulog-1.1.ebuild *sigh* inet in ZA sucks. Finally, ebuild attached. This obviously depends on having iptables installed and working in order to work, but this is not a dependency in order to compile and run fprobe-ulog, as such I haven't listed it as a dependency in the ebuild.
- The ebuild header is invalid
- The ebuild header is invalid¹ [1] http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=3 - Did you test all keyworded acrhitecture? - When it's libpcap based, what's with the dependency?
Created attachment 99191 [details] fprobe-ulog-1.1.ebuild Oops, just copied ebuild from net-analyzer/fprobe ... Ok, header fixed. Removed untested arches, will hopefully test amd64 sometime this week. fprobe is pcap based, fprobe-ulog is ulog (iptables) based. Reworded the description to better indicate it's relation to fprobe.
compiles just fine on uclibc.
compiles like a charm on amd64
compiles fine on i386
Available in my overlay: http://code.google.com/p/barzog-gentoo-overlay/ With startup and config scripts.
https://lore.kernel.org/netfilter-devel/1405681272-4994-5-git-send-email-pablo@netfilter.org/ Not going to happen.