From: Julian Elischer
Date: Fri, 11 Feb 2011 08:48:43 -0800
To: Da Rock
Cc: freebsd-hackers@freebsd.org, Vlad Galu
Subject: Re: linux PF_PACKET compatibility

On 2/11/11 5:40 AM, Da Rock wrote:
> On 02/11/11 19:54, Vlad Galu wrote:
>>
>> On Fri, Feb 11, 2011 at 11:36 AM, Da Rock wrote:
>>
>>     On 02/11/11 18:17, Julian Elischer wrote:
>>
>>         On 2/10/11 11:22 PM, Da Rock wrote:
>>
>>             "In recent versions of the Linux kernel (post-2.0
>>             releases) a new protocol family has been introduced,
>>             named PF_PACKET. This family allows an application to
>>             send and receive packets dealing directly with the
>>             network card driver, thus avoiding the usual protocol
>>             stack-handling (e.g., IP/TCP or IP/UDP processing).
>>             That is, any packet sent through the socket will be
>>             directly passed to the Ethernet interface, and any
>>             packet received through the interface will be directly
>>             passed to the application."
>>
>>             I've been chasing the answer to a FreeBSD version of
>>             this (approx. anyway), but I needed to find out what
>>             exactly PF_PACKET was first. Finally found this answer
>>             here: http://www.linuxjournal.com/article/4659
>>
>>             I looked up man socket and I can see possibilities (in
>>             my mind anyway), but I thought I'd be best to check if
>>             the gurus here might have a better idea. My reason for
>>             this is I'm attempting to build l2tpns (which
>>             supposedly builds on 7.3?! with no trouble), and I'm
>>             chasing the errors which appear to be linuxisms mostly.
>>
>>             So in man socket simply looking at the list of protocol
>>             families I'd say network driver level would be similar
>>             to PF_LINK link layer interface? Is there another man
>>             page I should be looking at as well?
>>
>>
>>         We don't have an exact equivalent.. but we have ways of
>>         doing the same thing.
>>         one way that is suggested is to use pcap and bpf which I am
>>         pretty certain has been enhanced to allow sending as
>>         well as receiving.
>>         you can also hook directly to the interface using netgraph(4)
>>         there are other ways too but those are the two that came to
>>         mind immediately.
>>
>>     So I'm going to have to rewrite that interface entirely?
>>     Bugger! I just can't fathom how this howto could even exist for
>>     l2tpns on FreeBSD if it isn't even close to buildable... weird!
>>
>>     http://kuapp.com/2010/07/14/how-to-setup-l2tpipsec-vpn-on-freebsd.html
>>
>>     Thanks guys. I'll probably come back with more problems as I
>>     slowly crack this one... :)
>>
>>
>> I suppose you could just use mpd :)
> I could, I guess. But where's the fun in that? :)
>
> Seriously, though, mpd didn't quite cut it (I thought) for me. I
> need an l2tp vpn server with the capability to handle multiple
> clients with only one interface. The server is behind a firewall,
> and I'm trying for a "walled garden" variety I guess. So far my
> research has brought me here, but I'm open to suggestions.

why do you think you need only one interface?

>
> One other that has my attention is l2tpd (in ports). I want radius
> auth, so IF I can use pppd in base and radius (which as I
> understand- so far anyway- it needs), and only uses a single
> interface, then maybe.

pppd in base will I think give you multiple interfaces..

>
> I'm still hunting and playing- learning on the fly. From what I read
> mpd uses an ng interface for every single client. L2tpns doesn't,
> and from what I've read so far neither does l2tpd (I was actually
> looking at another fork of that xl2tpd). I could use some advice
> from someone with experience with this, but my feelers on -questions
> didn't get much response. I may try on -net if this fails...

again, what's with the single interface?

>
> Aside from that I also wanted to get a bit more of a hands on feel
> for the FreeBSD core. I can't sit on the sidelines yelling at the
> players any more :) I'm not much for spectator sport either...
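
The two mechanisms contrasted in this thread, side by side, as an added example (not code from l2tpns or from anyone in the thread): a hypothetical ll_open() that returns a link-layer descriptor for one interface, using PF_PACKET on Linux and bpf elsewhere. It assumes FreeBSD's cloning /dev/bpf device; the function name is made up for illustration.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#ifdef __linux__
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#else                                   /* FreeBSD and other BSDs */
#include <fcntl.h>
#include <sys/ioctl.h>
#include <net/bpf.h>
#endif

/* ll_open (hypothetical name): fd attached to ifname at link level, or -1.
 * Privileged on both systems: root/CAP_NET_RAW on Linux, /dev/bpf access on BSD. */
int ll_open(const char *ifname)
{
#ifdef __linux__
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
                               .sll_protocol = htons(ETH_P_ALL) };
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;
    sll.sll_ifindex = (int)if_nametoindex(ifname);   /* 0: no such interface */
    if (sll.sll_ifindex == 0 ||
        bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        close(fd);
        return -1;
    }
#else
    struct ifreq ifr;
    unsigned int on = 1;
    int fd = open("/dev/bpf", O_RDWR);
    if (fd < 0)
        return -1;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name - 1);
    if (ioctl(fd, BIOCSETIF, &ifr) < 0 ||      /* attach to the interface */
        ioctl(fd, BIOCIMMEDIATE, &on) < 0 ||   /* deliver packets as they arrive */
        ioctl(fd, BIOCSHDRCMPLT, &on) < 0) {   /* write() keeps our source MAC */
        close(fd);
        return -1;
    }
#endif
    return fd;   /* write() sends one frame; bpf read() data starts with struct bpf_hdr */
}
```

On the bpf side, read() must be given a buffer of the size reported by BIOCGBLEN, and one read can return several packets, each preceded by its own struct bpf_hdr; a PF_PACKET socket returns one bare frame per read.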