From owner-freebsd-net Mon Jul 1 7:49:35 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A21B537B494 for ; Mon, 1 Jul 2002 07:49:29 -0700 (PDT) Received: from mail.toltecint.net (mail.toltecint.net [65.45.180.172]) by mx1.FreeBSD.org (Postfix) with SMTP id 373D743E0A for ; Mon, 1 Jul 2002 07:49:28 -0700 (PDT) (envelope-from arthur.peet@toltec.biz) Received: (qmail 67841 invoked by uid 85); 1 Jul 2002 14:49:27 -0000 Received: from artslaptop.toltecint.net (HELO ARTSLAPTOP.toltec.biz) (192.168.135.20) by mail.toltecint.net with SMTP; 1 Jul 2002 14:49:24 -0000 Message-Id: <5.1.1.6.2.20020628085502.00a6bf08@mail.toltecint.net> X-Sender: art@mail.toltecint.net X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Mon, 01 Jul 2002 08:49:14 -0600 To: Julian Elischer From: Arthur Peet Subject: Re: bpf/netgraph interaction Cc: freebsd-net@FreeBSD.ORG In-Reply-To: References: <5.1.1.6.2.20020627170548.0220fb38@mail.toltecint.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Julian, Thanks for your assistance. My understanding of the use and power of netgraph is much improved. Your first response to my question (Go to the source, ...), gave me the idea to filter the response "from" the process which was using BPF for it's read and write operations. This was done in hope the BPF injection also occurred before netgraph hook for the transactions to the interface (again, I was not able to prove this in the source). This gave me the result I was looking for. Thanks again, Art At 05:20 PM 6/27/2002, Julian Elischer wrote: >Ipfw divers from within the IP stack >by then it's too late. > >you could diver th epackets using netgraph and filter them and then >pass them back into the eiface netgraph node to continue up. > >then you tell your application to listen to the "nge" >interface.. unfortunatly another driver also produces 'nge' interfaces, >but the chance you have htat card is quite small. > > > >[fxp0]<--->[ng_ether]<----->{filter}<--->ng_eiface<---->[IP stack] > \ > \---BPF > > > > > > > >On Thu, 27 Jun 2002, Arthur Peet wrote: > > > At 04:50 PM 6/27/2002, Julian Elischer wrote: > > > > Are there any other taps I may access in order to accomplish this goal? > > > > > >I forget the goal. sorry > > > > > > > > No problem - Hope you don't mind if I restate it. > > I am trying to strip/drop packets before they reach a server process > which uses > > BPF for communicating with the network interface. > > I have briefly been looking into using an ipfw/divert socket, but I don't > > think that is > > going to work either. > > > > Thanks again! > > -Art > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message