From: ng0
Subject: Using libpcap for gnunet-dns- and gnunet-exit-helpers?
Date: Mon, 25 Nov 2019 12:28:27 +0000

Hi folx,

a while back I looked at how the helpers which use Linux-specific
binaries (iptables) can be made more portable.
Using pf(1) for ifdef(BSD) would've been a solution, but not
necessarily one I would've liked because as far as I understand
pf it would've required manual intervention by sys admins.
In recent years
(enough time passed to assume this is now widely enough supported)
Linux switched to BPF (or rather eBPF) for in-kernel firewalls and
other applications (I spare you the writeup, there are enough
summaries on BPF and eBPF out there).
While looking at the cross-system specific approach for this, I
found libpcap. I still don't fully understand if it's usable enough
to replace our use of execv'ing ip(1) + ifconfig(1) + iptables(1),
I'm still reading and trying more trivial examples.
Only caveat so far, we'd need to exclude Irix as it doesn't support
Other than that, libpcap supports a wide range of systems (and is
included in the base of some), read more in the README of

I hope someone on this list / of us has worked with libpcap before
and knows if this could be used to achieve what we today handle with
external binaries.

