From owner-freebsd-hackers@FreeBSD.ORG Sat Jan 12 19:40:08 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C71CB16A419 for ; Sat, 12 Jan 2008 19:40:08 +0000 (UTC) (envelope-from subhashg.unix@gmail.com) Received: from hu-out-0506.google.com (hu-out-0506.google.com [72.14.214.228]) by mx1.freebsd.org (Postfix) with ESMTP id 33FEA13C459 for ; Sat, 12 Jan 2008 19:40:07 +0000 (UTC) (envelope-from subhashg.unix@gmail.com) Received: by hu-out-0506.google.com with SMTP id 28so615349hub.8 for ; Sat, 12 Jan 2008 11:40:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=hcZDKdnK6eGSqVSvCMbm9OTWapTfyUEymRS7MI6ggR0=; b=hHg2CpgOePEbGqxRSW62p+EB7DV6B+wuTBwZi/IYH9tmnHub1MC+qH7sD7x5jaQknv6/yUZUwA5t7CdnK5bVNbw5CMYA91TUP6HjRxRIUj7BzpHijsnzkSTMe0M0kpE3YOo2//kv5EbRg+NR9o7baoOFaCUuycG9fzblwBCAq9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=o8SXbfltOa8++0wI4z6jKj0KljlYO6l/7NEBbFgRWHLi4Jdee4thsNraPJ8HLej7VaS2zNAqO86aP7PtDgiVEvdB6ryTJ9X4yq63CqEBgEbKkTRfllh5JqJx6YcYJOOnsF++bmKnmlc2VunzYBFF16Nc55s4RIW/NoWdUKYhL5M= Received: by 10.78.129.16 with SMTP id b16mr5479260hud.39.1200166805934; Sat, 12 Jan 2008 11:40:05 -0800 (PST) Received: by 10.78.187.8 with HTTP; Sat, 12 Jan 2008 11:40:05 -0800 (PST) Message-ID: <5db9d2e0801121140x76c26a6k20e12a21db4cf0ae@mail.gmail.com> Date: Sat, 12 Jan 2008 11:40:05 -0800 From: "Subhash Gopinath" To: "Lawrence Stewart" In-Reply-To: <47885EF3.8070104@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <5db9d2e0801112010s55812b20p6a43f0fbb5cddd17@mail.gmail.com> <47885EF3.8070104@freebsd.org> Cc: freebsd-hackers@freebsd.org Subject: Re: netgraph question X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jan 2008 19:40:08 -0000 Thanks, looks interesting. But I was looking at processing the packets in userspace. Sorry I didn't mention it clearly. Thanks, -Subhash On Jan 11, 2008 10:32 PM, Lawrence Stewart wrote: > Hi Subhash, > > Subhash Gopinath wrote: > > Hello folks, > > > > I am looking at writing an application program to tap certain ipv6 packets > > (say icmpv6) > > using netgraph. The application has to do some processing, before kernel can > > proceed > > with those packets. > > > > I have vaguely understood netgraph, and I see that I need a ng_socket node > > in the application, an ng_bpf node, and an ng_ether or ng_iface node in the > > kernel. > > > > My question is. would I need to create such nodes for each interface. Then > > it becomes unscalable.. > > Can I have just one socket, bpf, iface node that can tap icmpv6 packets on > > all interfaces? > > The PFIL(9) interface might also be of interest to you. If all you need > to do is packet interception and then allow/deny packets based on the > results of some processing, PFIL might be the way to go. We wrote some > code (SIFTR [1]) which uses PFIL in a similar capacity and you may want > to refer to it as an example. > > Cheers, > Lawrence > > [1] http://caia.swin.edu.au/urp/newtcp/tools.html >