Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 01 Jul 2002 08:49:14 -0600
From:      Arthur Peet <arthur.peet@toltec.biz>
To:        Julian Elischer <julian@elischer.org>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: bpf/netgraph interaction
Message-ID:  <5.1.1.6.2.20020628085502.00a6bf08@mail.toltecint.net>
In-Reply-To: <Pine.BSF.4.21.0206271614240.69706-100000@InterJet.elischer .org>
References:  <5.1.1.6.2.20020627170548.0220fb38@mail.toltecint.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Julian,
Thanks for your assistance.  My understanding of the use and power of 
netgraph is
much improved.  Your first response to my question (Go to the source, ...), 
gave me the
idea to filter the response "from" the process which was using BPF for it's 
read and write
operations.  This was done in hope the BPF injection also occurred before 
netgraph hook
for the transactions to the interface (again, I was not able to prove this 
in the source).
This gave me the result I was looking for.
Thanks again,
Art

At 05:20 PM 6/27/2002, Julian Elischer wrote:
>Ipfw divers from within the IP stack
>by then it's too late.
>
>you could diver th epackets using netgraph and filter them and then
>pass them back into the eiface netgraph node to continue up.
>
>then you tell your application to listen to the "nge"
>interface.. unfortunatly another driver also produces 'nge' interfaces,
>but the chance you have htat card is quite small.
>
>
>
>[fxp0]<--->[ng_ether]<----->{filter}<--->ng_eiface<---->[IP stack]
>                                             \
>                                              \---BPF
>
>
>
>
>
>
>
>On Thu, 27 Jun 2002, Arthur Peet wrote:
>
> > At 04:50 PM 6/27/2002, Julian Elischer wrote:
> > > > Are there any other taps I may access in order to accomplish this goal?
> > >
> > >I forget the goal. sorry
> >
> >
> >
> > No problem - Hope you don't mind if I restate it.
> > I am trying to strip/drop packets before they reach a server process 
> which uses
> > BPF for communicating with the network interface.
> > I have briefly been looking into using an ipfw/divert socket, but I don't
> > think that is
> > going to work either.
> >
> > Thanks again!
> > -Art
> >
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> >



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.1.6.2.20020628085502.00a6bf08>