mark packets for further processing via iptables/tc ?

["Gerd Feiner" <g.feiner () cablesurf de>]

hi there,

I am new to this list and did a search on the archives prior to posting
my question.  However, I can't seem to find the solution to my problem.

Let me explain what i want to achieve:

I want (if somehow possible) use SNORT to investigate traffic on my
internet-link for a very special purpose.  I'd like to seek for
P2P-traffic (kazaa, morpheus, edonkey, etc.) and then -mark- the
matching packets so that I can shape them with the tc-command.

For that purpose, however, the packets must be marked in the same way
iptables does - tc has a filter for fw-marked packets.

Now, I read the FAQ and found something about Guardian and automagically
blocking packets - but that's not what I want.  Did I miss something on
Guardian's abilities or is there another way of achieving this?

However, since that Guardian is an additional step in the process, I'd
rather like to avoid it.  Would be very nice if SNORT could mark packets
like iptables natively - and would also add a great deal of flexibilty.

Thanks in advance.

-g



-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users