Date: Thu, 26 Jul 2001 13:32:00 -0700 (PDT)
From: Julian Elischer
To: Brian Reichert
Cc: freebsd-net@freebsd.org
Subject: Re: filtering with netgraph?

On Thu, 26 Jul 2001, Brian Reichert wrote:

> I need to put together a bridging packet filter. I've done so in
> the past with bridge(4) and ipfw(8), and am willing to do so again.
>
> However, there seems to be a great deal of interest nowadays in
> using netgraph(4).
>
> Two things I haven't yet been able to glean from the archives (yet,
> pointers appreciated):
>
> - Is it currently achievable? I get the impression from
>
>   "here are many node types yet to be written:
>
>   An implementation of the Dynamic Packet Filter as a netgraph
>   node. DPF is sort of a hyper-speed JIT compiling version of
>   BPF."
>
>   that such an ability is not quite in place yet.

yes and no..
there is a BPF node that takes BPF filter expressions and selects between
one of a number of hooks using that.
there is also an ipfw node (not checked in) that can be used
(mentioned several times in the lists... Needs updating and someone said
they were going to do that..)

lastly, you could implement DPF :-)
(it's part of the exokernel project) (MIT)

given that then I think we could alter the 'bridge' node to know how to
hook onto a filter.

>
> - Would a netgraph-based bridge be limited to the set of interfaces
>   documented in bridge(4)?

NO, and these days even the other bridging is supported by the base
ethernet code rather than a particular driver (I think)

>
> Just fishing for info...
>
> --
> Brian 'you Bastard' Reichert
> 37 Crystal Ave. #303 Daytime number: (603) 434-6842
> Derry NH 03038-1713 USA Intel architecture: the left-hand path
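
The BPF node mentioned in the reply is programmed with a `setprogram` control message that names an input hook, a match hook, a no-match hook, and the compiled filter. As an added example (not part of the original message or of FreeBSD's own code), this script turns `tcpdump -ddd` output into that message argument and rejects a truncated program; the hook names `in`, `ipout`, `other` and the node path `filter:` are assumptions.

```shell
#!/bin/sh
# Added example: build the ng_bpf(4) "setprogram" argument from `tcpdump -ddd`
# output. Hook names and the node path used below are hypothetical.

# Usage: tcpdump -ddd <expr> | bpf_to_setprogram THISHOOK MATCHHOOK NOMATCHHOOK
bpf_to_setprogram() {
    this=$1 match=$2 nomatch=$3
    # First line of -ddd output is the instruction count.
    read -r len || return 1
    case $len in ''|*[!0-9]*) echo "bad program length" >&2; return 1 ;; esac
    prog="" n=0
    # Each following line is one instruction: opcode, jump-true, jump-false, k.
    while read -r code jt jf k; do
        [ -n "$code" ] || continue
        prog="$prog { code=$code jt=$jt jf=$jf k=$k }"
        n=$((n + 1))
    done
    # Refuse a truncated program: a cut-off filter must never be loaded.
    [ "$n" -eq "$len" ] || { echo "expected $len instructions, got $n" >&2; return 1; }
    printf '{ thisHook="%s" ifMatch="%s" ifNotMatch="%s" bpf_prog_len=%s bpf_prog=[%s ] }\n' \
        "$this" "$match" "$nomatch" "$len" "$prog"
}

# Constructed sample in `tcpdump -ddd` format for the expression "ip" on Ethernet:
#   ldh [12]; jeq #0x800 (else skip 1); ret #65535; ret #0
sample_ip_filter() {
    cat <<'EOF'
4
40 0 0 12
21 0 1 2048
6 0 0 65535
6 0 0 0
EOF
}

msg=$(sample_ip_filter | bpf_to_setprogram in ipout other) && echo "$msg"
# On a FreeBSD host with an ng_bpf node at the hypothetical path "filter:":
#   ngctl msg filter: setprogram "$msg"
```

Frames arriving on `in` that match the filter leave through `ipout`; everything else leaves through `other`, where it can be dropped or handed to another node.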