From: Julian Elischer
To: Arthur Peet
Cc: freebsd-net@FreeBSD.ORG
Date: Thu, 27 Jun 2002 13:45:17 -0700 (PDT)
Subject: Re: bpf/netgraph interaction

Use the Source Luke!

    ether_input(ifp, eh, m)
            struct ifnet *ifp;
            struct ether_header *eh;
            struct mbuf *m;
    {
            struct ether_header save_eh;

            /* Check for a BPF tap */
            if (ifp->if_bpf != NULL) {
                    struct m_hdr mh;

                    /* This kludge is OK; BPF treats the "mbuf" as read-only */
                    mh.mh_next = m;
                    mh.mh_data = (char *)eh;
                    mh.mh_len = ETHER_HDR_LEN;
                    bpf_mtap(ifp, (struct mbuf *)&mh);
            }

            ifp->if_ibytes += m->m_pkthdr.len + sizeof (*eh);

            /* Handle ng_ether(4) processing, if any */
            if (ng_ether_input_p != NULL) {
                    (*ng_ether_input_p)(ifp, &m, eh);
                    if (m == NULL)
                            return;
            }

            /* Check for bridging mode */
            if (BDG_ACTIVE(ifp) ) {
                    struct ifnet *bif;
    [...]

as you see, bpf copies are taken before netgraph processing..
and non-netgraph bridging occurs after that.

On Thu, 27 Jun 2002, Arthur Peet wrote:

> G'day.
>
> Can anyone explain the relationship between BPF and netgraph sockets?  I am
> trying to intercept packets destined for a process which is using BPF for
> read and write operations on an interface (and drop not-so-good
> packets).  I can see all packets on the interface (using NgRecvData),
> however I am unable to drop the bad packets (by not calling my NgSendData
> function) as the process using BPF seems to be bypassing the netgraph
> functions.
>
> Thanks,
>
> -Art
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
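
Added example, not part of the original message or of the FreeBSD source: a userland C model of the ordering in the quoted ether_input(), showing that a netgraph hook which consumes a frame cannot keep it from a BPF reader, because the tap copy was already taken. All names (struct frame, struct iface, ng_drop_bad, model_ether_input, run_model) and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userland model only: every name here is hypothetical, not kernel API. */
#define BAD_TYPE 0x88b5  /* constructed "bad" marker (a local-experimental ethertype) */

struct frame    { uint16_t ether_type; int len; };
struct counters { int bpf_seen; int bpf_bad; int stack_seen; };
struct iface {
    int   has_bpf;                        /* models ifp->if_bpf != NULL   */
    void (*ng_input)(struct frame **fp);  /* models ng_ether_input_p      */
};

/* Netgraph-side filter: consumes a bad frame, like the hook leaving m == NULL. */
static void ng_drop_bad(struct frame **fp)
{
    if ((*fp)->ether_type == BAD_TYPE)
        *fp = NULL;
}

/* Same order as the quoted code: BPF tap first, then the netgraph hook. */
static void model_ether_input(struct iface *ifp, struct frame *f, struct counters *c)
{
    if (ifp->has_bpf) {                   /* tap copy is taken unconditionally */
        c->bpf_seen++;
        if (f->ether_type == BAD_TYPE)
            c->bpf_bad++;
    }
    if (ifp->ng_input != NULL) {
        ifp->ng_input(&f);
        if (f == NULL)
            return;                       /* dropped: never reaches the stack */
    }
    c->stack_seen++;
}

/* Feed four constructed frames (two "bad") through the model. */
struct counters run_model(void)
{
    struct frame in[] = { {0x0800, 60}, {BAD_TYPE, 60}, {0x0806, 42}, {BAD_TYPE, 100} };
    struct iface ifp = { 1, ng_drop_bad };
    struct counters c = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        model_ether_input(&ifp, &in[i], &c);
    return c;
}

int main(void)
{
    struct counters c = run_model();
    printf("bpf=%d (bad=%d) stack=%d\n", c.bpf_seen, c.bpf_bad, c.stack_seen);
    return 0;
}
```

In the model the BPF side sees all four frames, including both bad ones, while only two reach the stack, which matches the behaviour described in the quoted question.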