From owner-freebsd-stable@FreeBSD.ORG Tue Oct 10 17:09:40 2006 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5554616A4D8 for ; Tue, 10 Oct 2006 17:09:40 +0000 (UTC) (envelope-from nomadlogic@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B91243D8A for ; Tue, 10 Oct 2006 17:08:01 +0000 (GMT) (envelope-from nomadlogic@gmail.com) Received: by py-out-1112.google.com with SMTP id o67so2718954pye for ; Tue, 10 Oct 2006 10:08:01 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=uO9HnwPSs/alYMV9ByoABrEYS5Aspwc5oyBv5RQRoEWFck/JDeW6M6X5OVabCJRgH1LkYUWBJ1OLB2hky6FMubawObZ+xBkf03UwgGihQesOs94xqlI32tPyknrl42Vb0HUyGQDaFmhE6/I0/qPBVSjcMRRN1s1ykmJR9avScd8= Received: by 10.35.52.18 with SMTP id e18mr1195618pyk; Tue, 10 Oct 2006 10:08:00 -0700 (PDT) Received: by 10.35.20.15 with HTTP; Tue, 10 Oct 2006 10:08:00 -0700 (PDT) Message-ID: <57d710000610101008h47c96971v35b5483ca6052fad@mail.gmail.com> Date: Tue, 10 Oct 2006 10:08:00 -0700 From: "pete wright" To: "Eduardo Meyer" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: stable@freebsd.org Subject: Re: Netgraph - ng_bpf help (first experience) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2006 17:09:40 -0000 On 10/10/06, Eduardo Meyer wrote: > Hello, > > I tried asking it on freebsd-ipfw@ but I got no luck. Maybe because > this is related to Netgraph and not ipfw essentially. > > I want to use ng_bpf to use ng_tag to use ipfw-tag. Looks like lego, > where I have to assemble my toy, but I liked Lego when I was a child. > > Following ng_bpf(4) man page I ran this script: > > PATTERN="(ether[40:4]=0x134e5844 && > ether[44:4]=0x6f6d6169 && > ether[48:4]=0x6e0a)" > > NODEPATH="my_node:" > INHOOK="hook1" > MATCHHOOK="hook2" > NOTMATCHHOOK="hook3" > > cat > /tmp/bpf.awk << xxENDxx > { > if (!init) { > printf "bpf_prog_len=%d bpf_prog=[", \$1; > init=1; > } else { > printf " { code=%d jt=%d jf=%d k=%d }", \$1, \$2, \$3, \$4; > } > } > END { > print " ]" > } > xxENDxx > > BPFPROG=`tcpdump -s 8192 -ddd ${PATTERN} | awk -f /tmp/bpf.awk` > ngctl msg ${NODEPATH} setprogram { thisHook=\"${INHOOK}\" \ > ifMatch=\"${MATCHHOOK}\" \ > ifNotMatch=\"${NOTMATCHHOOK}\" \ > ${BPFPROG} } } > > But I got this message: > > ngctl: send msg: No such file or directory > are you sure you are able to write to /tmp, this error looks like it is not able to read /tmp/bpf.awk. > I printed the full commands that returns the error, it is: > > ngctl msg setprogram { thisHook="" ifMatch="" ifNotMatch="" > bpf_prog_len=8 bpf_prog=[ { code=32 jt=0 jf=0 k=40 } { code=21 jt=0 > jf=5 k=323901508 } { code=32 jt=0 jf=0 k=44 } { code=21 jt=0 jf=3 > k=1869439337 } { code=32 jt=0 jf=0 k=48 } { code=21 jt=0 jf=1 k=28170 > } { code=6 jt=0 jf=0 k=8192 } { code=6 jt=0 jf=0 k=0 } ] } } > i suspect this is what the contents of /tmp/bpf.awk are. if not maybe post that to the thread.... -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group