Date: Sun, 01 Apr 2018 14:06:01 +0530
From: Reshad Patuck <reshadpatuck1@gmail.com>
To: Eugene Grosbein <eugen@grosbein.net>, freebsd-net@freebsd.org
Subject: Re: [netgraph] ng_bpf filter large list of IP addresses
Message-ID: <36DD471B-D88D-4074-A4D3-A480F5EC2392@gmail.com>
In-Reply-To: <5ABF973D.5070009@grosbein.net>
References: <D4E00F05-F64D-4446-A572-E1A0E06B2C47@gmail.com> <5ABF973D.5070009@grosbein.net>

Hi Eugene,

Thanks for your quick reply.

The issue that I am facing is for a list of 250 IP addresses, I can generate a bpf filter that works when I specify it on the command line.

```
# ngctl msg em1-bpf: setprogram { thisHook=\"in\" ifMatch=\"out\" bpf_prog_len=258 bpf_prog=[ { code=40 jt=0 jf=0 k=12 }
```

But when I try to use `-f` or the `read` command, either for a file on disk or using echo pipe or a STDIN redirect I get this error:

```
ngctl: send msg: Invalid argument
ngctl: line 1: error in file
```

This is odd because when I specify arguments via the terminal (under the kern.argmax limit) everything works fine.

Here are my sysctls for netgraph and bpf.

```
# sysctl net.graph
net.graph.control.proto: 2
net.graph.data.proto: 1
net.graph.family: 32
net.graph.recvspace: 9000000
net.graph.maxdgram: 5120000
net.graph.msg_version: 8
net.graph.abi_version: 12
net.graph.maxdata: 4096
net.graph.maxalloc: 4096
net.graph.threads: 8
# sysctl net.bpf
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096
net.bpf.optimize_writers: 0
net.bpf.zerocopy_enable: 0
net.bpf.maxinsns: 512000
```

Best regards,

Reshad

On 31 March 2018 7:42:13 PM IST, Eugene Grosbein <eugen@grosbein.net> wrote:
>31.03.2018 20:46, Reshad Patuck wrote:
>
>[skip]
>
>> Please let me know what I am doing wrong with the ngctl config file and if there is another way,
>> maybe something more direct to load a binary bpf filter directly into ng_bpf.
>
>[skip]
>
>Please read ngctl(8) manual page carefully. There are other ways.
>First, you may move all arguments to ngctl from command line to a file
>and run ngctl -f filename.
>Second, as for many other utilities, you can use dash (-) instead of filename to make ngctl
>read its arguments from standard input, e.g. this is the same as "ngctl ls":
>
># echo ls | ngctl -f -
>There are 9 total nodes:
>Name: em0 Type: ether ID: 00000001 Num hooks: 0
>
>Then, for shell script, you can use << such as:
>
>#!/bin/sh
>
>ngctl -f - << EOF
>msg em1-bpf: setprogram $program
>EOF
>
>All these methods impose no limits on size of such control messages.
>
>However, there is loader tunable net.graph.maxdgram that imposes another
>limit on size of binary representation of control message that ngctl passes to a kernel
>and you may need to increase it at some point. I increase it up to 8 megabytes for my purposes.
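As an added example (not code from either poster in this thread), the shell function below turns `tcpdump -ddd` output into a single `msg ... setprogram` line of the shape quoted above, which can then be piped to `ngctl -f -` as the reply describes. Before emitting anything it checks the instruction count, jump ranges and the final return instruction, so a truncated or hand-edited filter is rejected before it reaches the node. The names `ddd_to_setprogram` and `sample_ddd` are hypothetical, and the quotes around hook names are written unescaped on the assumption that no shell re-parses the line when ngctl reads it from a file or standard input.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `tcpdump -ddd` output on stdin
# (line 1: instruction count, then "code jt jf k" in decimal) and prints one
# ngctl command line. Node path and hook names are caller-supplied arguments.
ddd_to_setprogram() {   # usage: ddd_to_setprogram NODE THISHOOK IFMATCH
    awk -v node="$1" -v hin="$2" -v hmatch="$3" '
    function fail(msg) { print "ddd_to_setprogram: " msg > "/dev/stderr"; err = 1; exit 1 }
    NR == 1 { if ($0 !~ /^[0-9]+$/ || $1 < 1) fail("bad length line"); len = $1; next }
    NF == 0 { next }
    {
        if ($0 !~ /^[0-9]+ [0-9]+ [0-9]+ [0-9]+$/) fail("bad instruction on line " NR)
        n++; code[n] = $1; jt[n] = $2; jf[n] = $3; k[n] = $4
    }
    END {
        if (err) exit 1
        if (n < 1 || n != len) fail("length line says " len ", found " n " instructions")
        for (i = 1; i <= n; i++) {
            if (code[i] % 8 != 5) continue               # only the BPF_JMP class
            if (int(code[i] % 256 / 16) == 0)            # BPF_JA: offset is in k
                far = k[i] + 0
            else                                         # conditional: jt and jf
                far = (jt[i] + 0 > jf[i] + 0) ? jt[i] + 0 : jf[i] + 0
            if (i + 1 + far > n) fail("jump out of range at instruction " i)
        }
        if (code[n] % 8 != 6) fail("last instruction is not BPF_RET")
        # Unescaped quotes: assumes the line is read by ngctl, not by a shell.
        printf "msg %s setprogram { thisHook=\"%s\" ifMatch=\"%s\" ", node, hin, hmatch
        printf "bpf_prog_len=%d bpf_prog=[", n
        for (i = 1; i <= n; i++)
            printf " { code=%s jt=%s jf=%s k=%s }", code[i], jt[i], jf[i], k[i]
        print " ] }"
    }'
}

# Constructed sample in `tcpdump -ddd` format (an IPv4 ethertype match).
sample_ddd() {
    printf '%s\n' 4 '40 0 0 12' '21 0 1 2048' '6 0 0 262144' '6 0 0 0'
}

# Print the command line for the sample; on a real system the input would be
# `tcpdump -ddd <expression>` and the output would go to `ngctl -f -`.
sample_ddd | ddd_to_setprogram em1-bpf: in out
```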