Date: Sun, 01 Apr 2018 14:06:01 +0530
From: Reshad Patuck
To: Eugene Grosbein, freebsd-net@freebsd.org
Subject: Re: [netgraph] ng_bpf filter large list of IP addresses
Message-ID: <36DD471B-D88D-4074-A4D3-A480F5EC2392@gmail.com>
In-Reply-To: <5ABF973D.5070009@grosbein.net>

Hi Eugene,

Thanks for your quick reply.

The issue that I am facing is for a list of 250 IP addresses, I can generate a bpf filter that works when I specify it on the command line.

```
# ngctl msg em1-bpf: setprogram { thisHook=\"in\" ifMatch=\"out\" bpf_prog_len=258 bpf_prog=[ { code=40 jt=0 jf=0 k=12 }
```

But when I try to use `-f` or the `read` command, either for a file on disk or using echo pipe or a STDIN redirect I get this error:

```
ngctl: send msg: Invalid argument
ngctl: line 1: error in file
```

This is odd because when I specify arguments via the terminal (under the kern.argmax limit) everything works fine.

Here are my sysctls for netgraph and bpf.

```
# sysctl net.graph
net.graph.control.proto: 2
net.graph.data.proto: 1
net.graph.family: 32
net.graph.recvspace: 9000000
net.graph.maxdgram: 5120000
net.graph.msg_version: 8
net.graph.abi_version: 12
net.graph.maxdata: 4096
net.graph.maxalloc: 4096
net.graph.threads: 8
# sysctl net.bpf
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096
net.bpf.optimize_writers: 0
net.bpf.zerocopy_enable: 0
net.bpf.maxinsns: 512000
```

Best regards,

Reshad

On 31 March 2018 7:42:13 PM IST, Eugene Grosbein wrote:
>31.03.2018 20:46, Reshad Patuck wrote:
>
>[skip]
>
>> Please let me know what I am doing wrong with the ngctl config file and if there is another way,
>> maybe something more direct to load a binary bpf filter directly into ng_bpf.
>
>[skip]
>
>Please read ngctl(8) manual page carefully. There are other ways.
>First, you may move all arguments to ngctl from command line to a file
>and run ngctl -f filename.
>Second, as for many other utilities, you can use dash (-) instead of
>filename to make ngctl
>read its arguments from standard input, e.g. this is the same as "ngctl ls":
>
># echo ls | ngctl -f -
>There are 9 total nodes:
>Name: em0 Type: ether ID: 00000001 Num hooks: 0
>
>Then, for shell script, you can use << such as:
>
>#!/bin/sh
>
>ngctl -f - << EOF
>msg em1-bpf: setprogram $program
>EOF
>
>All these methods impose no limits on size of such control messages.
>
>However, there is loader tunable net.graph.maxdgram that imposes
>another
>limit on size of binary representation of control message that ngctl
>passes to a kernel
>and you may need to increase it at some point. I increase it up to 8
>megabytes for my purposes.