Message-ID: <3A911511.8897BEC3@elischer.org>
Date: Mon, 19 Feb 2001 04:44:01 -0800
From: Julian Elischer
To: Satyajeet Seth
Cc: net@freebsd.org
Subject: Re: Using netgraph to implement pseudo interfaces

Satyajeet Seth wrote:
>
> Hi
>
> A node of type ng_bpf uses BPF. How is a packet passed onto the
> BPF? I believe a copy of the packet is sent. Is this correct?

man ng_bpf.
The ng_bpf node takes a packet as input and applies a bpf 'filter' to it.
If the filter succeeds, the packet is sent out the hook marked for success
in that filter. If the filter fails it is passed out the hook marked for
failure in that filter. If the correct hook is NULL, the packet is discarded.

It is a PACKET. It is not a copy unless you first copied it, which
is irrelevant and beyond the knowledge of the ng_bpf node.
(The ng_bpf node gets its packets from netgraph in the usual netgraph
way and NOT by the usual bpf hooks in the drivers.)

>
> Once a packet is sent to the BPF, will the driver process the
> packet further and queue it to the IP layer?

No, not unless you send it back to the interface to be processed further.
Please read the netgraph man page
man 4 netgraph
and the ng_ether man page
man 4 ng_ether

>
> If so, in our case, there will be duplication of packets. Here the BPF
> will pass the packets onto pseudo ethernet interfaces. These interfaces
> will in turn queue the packets to the IP layer.

There is no duplication.

Netgraph produces a non directed graph (in math-speak) of connected
nodes to process arbitrary data in arbitrary ways.

There is a 'hook' in the ethernet framework that allows ethernet packets
to be TOTALLY DIVERTED into netgraph (or only diverted if unrecognised).
Netgraph in turn has a means to feed the packets back into the normal
stream after it has completed processing (useful for wrapping for VPNs etc).
It can feed them back into the ethernet framework to continue upwards as if
nothing has happened, into a virtual interface, out a socket, into another
node, or out the transmit side of the original (or any other) interface.
What it does depends entirely on how you hook it together.

Think of LEGO for networking.

>
> Thanks
> Satya
>

--
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/
            v
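
The dispatch rule described in the reply above, as an added example that is not part of the original message and is not ng_bpf source code: a userland C model in which one packet is run through a classic BPF filter and leaves by exactly one exit hook, or is discarded when that hook is NULL. The names `hookprog`, `dispatch` and `pseudo0` are hypothetical, and the frames are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Classic BPF instruction layout and the three opcodes this model needs. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define LDH_ABS 0x28 /* BPF_LD|BPF_H|BPF_ABS: A = 16-bit word at pkt[k] */
#define JEQ_K   0x15 /* BPF_JMP|BPF_JEQ|BPF_K: skip jt insns if A == k, else jf */
#define RET_K   0x06 /* BPF_RET|BPF_K: return k; 0 means "filter failed" */

/* Run the filter. Unknown opcodes and out-of-range loads count as failure. */
static uint32_t run_filter(const struct insn *p, size_t n,
                           const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case LDH_ABS:
            if (p[pc].k > len || len - p[pc].k < 2) return 0;
            a = ((uint32_t)pkt[p[pc].k] << 8) | pkt[p[pc].k + 1];
            break;
        case JEQ_K: pc += (a == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case RET_K: return p[pc].k;
        default:    return 0;
        }
    }
    return 0;
}

/* Hypothetical per-hook setup: one program, two exits; NULL exit = discard. */
struct hookprog { const char *if_match, *if_not_match;
                  const struct insn *prog; size_t len; };

/* The one packet leaves by exactly one hook, or is dropped; never copied. */
static const char *dispatch(const struct hookprog *hp,
                            const uint8_t *pkt, size_t len)
{
    return run_filter(hp->prog, hp->len, pkt, len) ? hp->if_match
                                                   : hp->if_not_match;
}
/* Constructed sample: "ethertype == 0x0800" and two bare Ethernet headers. */
static const struct insn ip_only[] = { { LDH_ABS, 0, 0, 12 },
    { JEQ_K, 0, 1, 0x0800 }, { RET_K, 0, 0, 0xffff }, { RET_K, 0, 0, 0 } };
static const uint8_t ip_frame[14]  = { [12] = 0x08, [13] = 0x00 };
static const uint8_t arp_frame[14] = { [12] = 0x08, [13] = 0x06 };
static const struct hookprog hp = { "pseudo0", NULL, ip_only, 4 };
int main(void)
{
    const char *arp = dispatch(&hp, arp_frame, sizeof arp_frame);
    printf("ip  -> %s\n", dispatch(&hp, ip_frame, sizeof ip_frame));
    printf("arp -> %s\n", arp ? arp : "(discarded)");
    return 0;
}
```

The model only distinguishes match from no match; it does not model anything else the real node may do with the filter's return value.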