Date: Thu, 27 Jun 2002 13:45:17 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Arthur Peet <arthur.peet@toltec.biz> Cc: freebsd-net@FreeBSD.ORG Subject: Re: bpf/netgraph interaction Message-ID: <Pine.BSF.4.21.0206271343560.69706-100000@InterJet.elischer.org> In-Reply-To: <5.1.1.6.2.20020627122834.022c8f50@mail.toltecint.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Use the Source Luke! ether_input(ifp, eh, m) struct ifnet *ifp; struct ether_header *eh; struct mbuf *m; { struct ether_header save_eh; /* Check for a BPF tap */ if (ifp->if_bpf != NULL) { struct m_hdr mh; /* This kludge is OK; BPF treats the "mbuf" as read-only */ mh.mh_next = m; mh.mh_data = (char *)eh; mh.mh_len = ETHER_HDR_LEN; bpf_mtap(ifp, (struct mbuf *)&mh); } ifp->if_ibytes += m->m_pkthdr.len + sizeof (*eh); /* Handle ng_ether(4) processing, if any */ if (ng_ether_input_p != NULL) { (*ng_ether_input_p)(ifp, &m, eh); if (m == NULL) return; } /* Check for bridging mode */ if (BDG_ACTIVE(ifp) ) { struct ifnet *bif; [...] as you see, bpf copies are taken before netgraph processing.. and non-netgraph bridging occurs after that. On Thu, 27 Jun 2002, Arthur Peet wrote: > G'day. > > Can anyone explain the relationship between BPF and netgraph sockets? I am > trying to intercept packets destined for a process which is using BPF for > read and write operations on an interface (and drop not-so-good > packets). I can see all packets on the interface (using NgRecvData), > however I am unable to drop the bad packets (by not calling my NgSendData > function) as the process using BPF seems to be bypassing the netgraph > functions. > > Thanks, > > -Art > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0206271343560.69706-100000>