From: Julian Elischer
To: Brooks Davis
cc: freebsd-net@freebsd.org, kw3wong@engmail.uwaterloo.ca, dsze@engmail.uwaterloo.ca
Date: Wed, 9 Jul 2003 12:38:04 -0700 (PDT)
Subject: Re: Question about bridging code

On Wed, 9 Jul 2003, Brooks Davis wrote:

> On Wed, Jul 09, 2003 at 03:23:52PM -0400, kw3wong@engmail.uwaterloo.ca wrote:
> > Hi guys,
> >
> > My first attempts at hacking FreeBSD kernel code have not been very fruitful, so
> > I'm hoping someone with more experience and know-how might be able to point out
> > the mistakes that I'm making.
> >
> > Firstly, let me explain what I'm trying to do. I'm currently working on a
> > University project that performs some type of transformation (compression,
> > security, string replacement, etc.) on packets as they pass through the system.
> > The current setup has the FreeBSD machine configured as a router, and the
> > transformation is performed on packets that are routed. This is done via divert
> > sockets and everything is fine and dandy, we're getting great results from this
> > setup.
> >
> > However, what we want to do next is to have the machine set up as an Ethernet
> > bridge instead, and the transformation is to be performed on the bridged
> > packets. Unfortunately, as most of you probably know, divert sockets do not
> > work with bridges as of yet.
>
> Since you are paying the price of pulling all packets into userland
> anyway, I'd suggest you just do the bridging in userland. You can use
> bpf to send and receive packets on each interface and then bridge and
> process them in your application. I did this a while back and the whole
> thing took about 1400 lines of code. Unfortunately, I can't release the
> code, but it only took a few hours to write and debug the bridging part.

How come no one knows about netgraph, the framework designed to do
exactly this? :-)

It's only been in use for 6 years.