Date:      Fri, 11 Feb 2011 17:16:37 -0800
From:      Julian Elischer <julian@freebsd.org>
To:        Da Rock <freebsd-hackers@herveybayaustralia.com.au>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: linux PF_PACKET compatibility
Message-ID:  <4D55DF75.4060703@freebsd.org>
In-Reply-To: <4D55CF92.4090608@herveybayaustralia.com.au>
References:  <4D54E39D.1000505@herveybayaustralia.com.au>	<4D54F0B0.7010503@freebsd.org>	<4D550300.5090000@herveybayaustralia.com.au>	<AANLkTin8i2tExDEj5RiZOgatqsgLD3o3Nnk1-6345fOz@mail.gmail.com>	<4D553C4B.5000101@herveybayaustralia.com.au>	<4D55686B.5050202@freebsd.org> <4D55CF92.4090608@herveybayaustralia.com.au>

On 2/11/11 4:08 PM, Da Rock wrote:
> On 02/12/11 02:48, Julian Elischer wrote:
>> On 2/11/11 5:40 AM, Da Rock wrote:
>>> On 02/11/11 19:54, Vlad Galu wrote:
>>>>
>>>>
>>>> On Fri, Feb 11, 2011 at 11:36 AM, Da Rock
>>>> <freebsd-hackers@herveybayaustralia.com.au> wrote:
>>>>
>>>>     On 02/11/11 18:17, Julian Elischer wrote:
>>>>
>>>>         On 2/10/11 11:22 PM, Da Rock wrote:
>>>>
>>>>             "In recent versions of the Linux kernel (post-2.0
>>>>             releases) a new protocol family has been introduced,
>>>>             named PF_PACKET. This family allows an application to
>>>>             send and receive packets dealing directly with the
>>>>             network card driver, thus avoiding the usual protocol
>>>>             stack-handling (e.g., IP/TCP or IP/UDP processing).
>>>>             That is, any packet sent through the socket will be
>>>>             directly passed to the Ethernet interface, and any
>>>>             packet received through the interface will be directly
>>>>             passed to the application."
>>>>
>>>>             I've been chasing the answer to a FreeBSD version of
>>>>             this (approx. anyway), but I needed to find out what
>>>>             exactly PF_PACKET was first. Finally found this answer
>>>>             here: http://www.linuxjournal.com/article/4659
>>>>
>>>>             I looked up man socket and I can see possibilities (in
>>>>             my mind anyway), but I thought I'd be best to check if
>>>>             the gurus here might have a better idea. My reason for
>>>>             this is I'm attempting to build l2tpns (which
>>>>             supposedly builds on 7.3?! with no trouble), and I'm
>>>>             chasing the errors which appear to be linuxisms mostly.
>>>>
>>>>             So in man socket simply looking at the list of protocol
>>>>             families I'd say network driver level would be similar
>>>>             to PF_LINK link layer interface? Is there another man
>>>>             page I should be looking at as well?
>>>>
>>>>
>>>>         We don't have an exact equivalent, but we have ways of
>>>>         doing the same thing.
>>>>         One way that is suggested is to use pcap and bpf, which I am
>>>>         pretty certain has been enhanced to allow sending as
>>>>         well as receiving.
>>>>         You can also hook directly to the interface using
>>>>         netgraph(4).
>>>>         There are other ways too, but those are the two that came to
>>>>         mind immediately.
>>>>
>>>>     So I'm going to have to rewrite that interface entirely?
>>>>     Bugger! I just can't fathom how this howto could even exist for
>>>>     l2tpns on FreeBSD if it isn't even close to buildable... weird!
>>>>
>>>>     http://kuapp.com/2010/07/14/how-to-setup-l2tpipsec-vpn-on-freebsd.html
>>>>
>>>>
>>>>     Thanks guys. I'll probably come back with more problems as I
>>>>     slowly crack this one... :)
>>>>
>>>>
>>>> I suppose you could just use mpd :)
>>> I could, I guess. But where's the fun in that? :)
>>>
>>> Seriously, though, mpd didn't quite cut it (I thought) for me. I 
>>> need an l2tp vpn server with the capability to handle multiple 
>>> clients with only one interface. The server is behind a firewall, 
>>> and I'm trying for a "walled garden" variety I guess. So far my 
>>> research has brought me here, but I'm open to suggestions.
>>
>> Why do you think you need only one interface?
>>
>>>
>>> One other that has my attention is l2tpd (in ports). I want radius 
>>> auth, so IF I can use pppd in base and radius (which as I 
>>> understand- so far anyway- it needs), and only uses a single 
>>> interface, then maybe.
>>
>> pppd in base will, I think, give you multiple interfaces.
>>>
>>> I'm still hunting and playing- learning on the fly. From what I 
>>> read mpd uses an ng interface for every single client. L2tpns 
>>> doesn't, and from what I've read so far neither does l2tpd (I was 
>>> actually looking at another fork of that xl2tpd). I could use some 
>>> advice from someone with experience with this, but my feelers on 
>>> -questions didn't get much response. I may try on -net if this 
>>> fails...
>>
>> Again, what's with the single interface?
> To be honest I don't know. But from what I've read up on it so far 
> (including mpd - use an ng interface) I will have a net interface 
> for every client. Apparently l2tpns doesn't do that, and one of the 
> arguments for its use is that feature. If one has say 100 clients, 
> each of those needs to be managed- 1 sounds better to me :)
>
> I am only working on theory here so far though, so please let me 
> know if I'm on the wrong track.
If you have multiple interfaces you can set different MTUs for them, etc.,
and routing is more straightforward.
You can do tcpdump on a particular interface or filter on just one
interface.

There have been people with > 100 interfaces who didn't seem to
have any problems.

There are advantages and disadvantages.
>
> Cheers
>>>
>>> Aside from that I also wanted to get a bit more of a hands on feel 
>>> for the FreeBSD core. I can't sit on the sidelines yelling at the 
>>> players any more :) I'm not much for spectator sport either...
>>
>> _______________________________________________
>> freebsd-hackers@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to 
>> "freebsd-hackers-unsubscribe@freebsd.org"
>
>
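
Added example, not part of the original thread or of l2tpns: the Linux PF_PACKET open that the quoted article describes, beside the bpf(4) equivalent suggested above for FreeBSD, plus a builder for the frame bytes that either descriptor takes through write(). The function names and the interface argument are assumptions; both paths need privilege (CAP_NET_RAW on Linux, access to /dev/bpf on FreeBSD).

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <arpa/inet.h>
#ifdef __linux__
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#else
#include <fcntl.h>
#include <net/bpf.h>
#endif

/* Lay out dst|src|ethertype|payload; returns frame length, 0 if it won't fit. */
size_t build_frame(uint8_t *out, size_t cap, const uint8_t *dst,
                   const uint8_t *src, uint16_t type, const void *p, size_t n)
{
    if (cap < 14 || n > cap - 14) return 0;
    memcpy(out, dst, 6); memcpy(out + 6, src, 6);
    out[12] = type >> 8; out[13] = type & 0xff;
    memcpy(out + 14, p, n);
    return 14 + n;
}

/* Returns an fd on which write() sends one complete frame, or -1 on failure. */
int open_link(const char *ifname)
{
#ifdef __linux__
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
                               .sll_protocol = htons(ETH_P_ALL) };
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    if (fd >= 0 && sll.sll_ifindex != 0 &&
        bind(fd, (struct sockaddr *)&sll, sizeof sll) == 0) return fd;
#else
    struct ifreq ifr = {0};
    unsigned int on = 1;           /* keep the source MAC exactly as written */
    int fd = open("/dev/bpf", O_RDWR);
    strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name - 1);
    if (fd >= 0 && ioctl(fd, BIOCSETIF, &ifr) == 0 &&
        ioctl(fd, BIOCSHDRCMPLT, &on) == 0) return fd;
#endif
    if (fd >= 0) close(fd);
    return -1;
}
```

Code ported from Linux keeps its send path as `write(fd, frame, len)`; only the open and bind step differs between the two systems.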