Date: Mon, 14 Jun 2004 10:19:20 -0700 (PDT)
From: Julian Elischer
To: James Housley
cc: freebsd-net@FreeBSD.org
Subject: Re: Using netgraph for filtering/modifing packets
In-Reply-To: <40CDBAC2.50403@Thehousleys.net>
List-Id: Networking and TCP/IP with FreeBSD

On Mon, 14 Jun 2004, James Housley wrote:

> For testing of a product I would like to be able to modify or even drop
> packets based on their content. What I have in mind is forcing the
> packets through a firewall that would redirect all packets to a netgraph
> node that would either pass unchanged, drop or change the contents to
> assist in testing some corner cases in the code.
>
> 1) is this something doable with netgraph, I believe it is.

yes

>
> 2) what might be a good place to start? Have done some searching, but
> haven't found any example code I thought I could start from.

What sort of filter do you need?
you can pass packets to netgraph from ipfw by diverting them and opening
a divert socket with the ksocket node..
Or you can pick them directly from the network interface and
filter yourself using the 'bpf' node type to select on something.
or you can use the etf type of node to filter on a particular ethertype..

there are a lot of options but I don't know your application enough :-)

Julian

>
> Thanks,
> Jim
>
> --
> /"\ ASCII Ribbon Campaign .
> \ / - NO HTML/RTF in e-mail .
>  X  - NO Word docs in e-mail .
> / \ -----------------------------------------------------------------
> jeh@FreeBSD.org http://www.FreeBSD.org The Power to Serve
> jim@TheHousleys.Net http://www.TheHousleys.net
> ---------------------------------------------------------------------
> Your mouse has moved.
> Windows NT must be restarted for the change to take effect!
>
> Reboot now? [OK]