Message-ID: <47885EF3.8070104@freebsd.org>
Date: Sat, 12 Jan 2008 17:32:19 +1100
From: Lawrence Stewart
To: Subhash Gopinath
Cc: freebsd-hackers@freebsd.org
Subject: Re: netgraph question
In-Reply-To: <5db9d2e0801112010s55812b20p6a43f0fbb5cddd17@mail.gmail.com>

Hi Subhash,

Subhash Gopinath wrote:
> Hello folks,
>
> I am looking at writing an application program to tap certain ipv6
> packets (say icmpv6) using netgraph. The application has to do some
> processing, before kernel can proceed with those packets.
>
> I have vaguely understood netgraph, and I see that I need a ng_socket
> node in the application, an ng_bpf node, and an ng_ether or ng_iface
> node in the kernel.
>
> My question is: would I need to create such nodes for each interface?
> Then it becomes unscalable.
> Can I have just one socket, bpf, iface node that can tap icmpv6
> packets on all interfaces?

The PFIL(9) interface might also be of interest to you. If all you need
to do is packet interception and then allow/deny packets based on the
results of some processing, PFIL might be the way to go.

We wrote some code (SIFTR [1]) which uses PFIL in a similar capacity and
you may want to refer to it as an example.

Cheers,
Lawrence

[1] http://caia.swin.edu.au/urp/newtcp/tools.html