Date:      Tue, 21 Mar 2000 13:37:56 -0800
From:      Tom Pavel <pavel@NetworkPhysics.COM>
To:        freebsd-net@FreeBSD.ORG
Subject:   Netgraph and promiscuous interfaces
Message-ID:  <200003212137.NAA37883@gto.networkphysics.com>


Encouraged by my hard-won success at getting the trivial "nghook -a
de3: divert" example working (see my Mar 16 message on KLD problems
with netgraph), I have moved on in my effort to convert a BPF-based
userland app into netgraph-based kernel processing.

I discovered that nghook will show me only ARPs and packets directed
to my interfaces' IP address.  Well, of course, the interface is not
in promiscuous mode...  So, I discovered that the "mtest" program
provides a simple way to set promiscuous mode on an interface, saving
me the trouble of writing a program to do the SIOCSIFFLAGS ioctl.
Afterwards, ifconfig indeed shows me the PROMISC flag.

It turns out, however, that my strategy of replacing BPF with netgraph
is flawed.  All of the drivers I looked at contain code something like
this (from if_de.c):

            if ((sc->tulip_flags & (TULIP_PROMISC|TULIP_HASHONLY))
                    && (eh.ether_dhost[0] & 1) == 0
                    && !TULIP_ADDREQUAL(eh.ether_dhost, sc->tulip_enaddr))
                    goto next;
            accept = 1;

            ...

      next:
            ...

            if (accept)
                ether_input(ifp, &eh, ms);


Clearly, the idea is that BPF is the only consumer of promiscuous-mode
packets and that ether_input() should not be called with packets that
wouldn't otherwise be seen when the interface is in promiscuous mode.


So, I'm trying to understand how all these pieces fit together.  Is it
the responsibility of every network driver to keep ether_input() from
seeing all these promiscuous-mode only packets?  Wouldn't it be more
efficient to collect these tests inside the ether_input() routine?  Of
course, this would then make it easier for me to move the
ngether_send() call up before the IFF_PROMISC test and discard of the
packets.

Has no one ever tried netgraph with a promiscuous interface before?
Naturally, this would not be the usual PPPoE setup, but I thought
netgraph is supposed to be useful for myriad network tasks beyond just
PPPoE or HDLC.  Am I the only one ambitious enough to try something
like this?

I'll be pondering further how to make things work, but I could
certainly use some pointers and some architectural insight...


Tom Pavel

Network Physics
pavel@networkphysics.com / pavel@alum.mit.edu 
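
The receive-path behaviour described in the message above, modelled in userland C as an added example (not code from the original message or from if_de.c). The function and constant names are hypothetical, the addresses are constructed, and it assumes that the NIC's address filter drops foreign unicast unless promiscuous and that the BPF tap runs before the driver's test, so a consumer fed from ether_input() sees only what the SEEN_BY_ETHER_INPUT bit covers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6

/* Hypothetical names for this model; none come from if_de.c. */
enum { SEEN_BY_TAP = 1, SEEN_BY_ETHER_INPUT = 2 };

/* Constructed sample addresses. */
static const uint8_t OWN[ETHER_ADDR_LEN]   = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t OTHER[ETHER_ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x02};
static const uint8_t BCAST[ETHER_ADDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/*
 * Which consumers see a frame addressed to dhost on a NIC whose station
 * address is enaddr. Assumptions: the NIC's address filter drops foreign
 * unicast unless promiscuous, and the tap runs before the driver's test.
 */
static int rx_consumers(int promisc, const uint8_t *enaddr, const uint8_t *dhost)
{
    int unicast = (dhost[0] & 1) == 0;                  /* group bit clear */
    int for_us = memcmp(dhost, enaddr, ETHER_ADDR_LEN) == 0;

    if (!promisc && unicast && !for_us)
        return 0;                     /* never leaves the hardware filter */
    if (promisc && unicast && !for_us)
        return SEEN_BY_TAP;           /* the quoted "goto next": accept stays 0 */
    return SEEN_BY_TAP | SEEN_BY_ETHER_INPUT;           /* accept = 1 */
}

int main(void)
{
    const struct { const char *name; const uint8_t *dhost; } frames[] = {
        {"to this host", OWN}, {"to another host", OTHER}, {"broadcast", BCAST},
    };
    for (int promisc = 0; promisc <= 1; promisc++)
        for (size_t i = 0; i < sizeof(frames) / sizeof(frames[0]); i++) {
            int seen = rx_consumers(promisc, OWN, frames[i].dhost);
            printf("promisc=%d %-16s tap=%d ether_input=%d\n", promisc,
                   frames[i].name, !!(seen & SEEN_BY_TAP),
                   !!(seen & SEEN_BY_ETHER_INPUT));
        }
    return 0;
}
```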