Date: Thu, 27 Jun 2002 13:45:17 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Arthur Peet <arthur.peet@toltec.biz> Cc: freebsd-net@FreeBSD.ORG Subject: Re: bpf/netgraph interaction Message-ID: <Pine.BSF.4.21.0206271343560.69706-100000@InterJet.elischer.org> In-Reply-To: <5.1.1.6.2.20020627122834.022c8f50@mail.toltecint.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Use the Source Luke!
ether_input(ifp, eh, m)
struct ifnet *ifp;
struct ether_header *eh;
struct mbuf *m;
{
struct ether_header save_eh;
/* Check for a BPF tap */
if (ifp->if_bpf != NULL) {
struct m_hdr mh;
/* This kludge is OK; BPF treats the "mbuf" as read-only
*/
mh.mh_next = m;
mh.mh_data = (char *)eh;
mh.mh_len = ETHER_HDR_LEN;
bpf_mtap(ifp, (struct mbuf *)&mh);
}
ifp->if_ibytes += m->m_pkthdr.len + sizeof (*eh);
/* Handle ng_ether(4) processing, if any */
if (ng_ether_input_p != NULL) {
(*ng_ether_input_p)(ifp, &m, eh);
if (m == NULL)
return;
}
/* Check for bridging mode */
if (BDG_ACTIVE(ifp) ) {
struct ifnet *bif;
[...]
as you see, bpf copies are taken before netgraph processing..
and non-netgraph bridging occurs after that.
On Thu, 27 Jun 2002, Arthur Peet wrote:
> G'day.
>
> Can anyone explain the relationship between BPF and netgraph sockets? I am
> trying to intercept packets destined for a process which is using BPF for
> read and write operations on an interface (and drop not-so-good
> packets). I can see all packets on the interface (using NgRecvData),
> however I am unable to drop the bad packets (by not calling my NgSendData
> function) as the process using BPF seems to be bypassing the netgraph
> functions.
>
> Thanks,
>
> -Art
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0206271343560.69706-100000>