Date: Tue, 21 Mar 2000 13:37:56 -0800
From: Tom Pavel <pavel@NetworkPhysics.COM>
To: freebsd-net@FreeBSD.ORG
Subject: Netgraph and promiscuous interfaces
Message-ID: <200003212137.NAA37883@gto.networkphysics.com>
Encouraged by my hard-won success at getting the trivial
"nghook -a de3: divert" example working (see my Mar 16 message on KLD
problems with netgraph), I have moved on in my effort to convert a
BPF-based userland app into netgraph-based kernel processing.

I discovered that nghook will show me only ARPs and packets directed
to my interfaces' IP address. Well, of course, the interface is not
in promiscuous mode...

So, I discovered that the "mtest" program provides a simple way to set
promiscuous mode on an interface, saving me the trouble of writing a
program to do the SIOCSIFFLAGS ioctl. Afterwards, ifconfig indeed
shows me the PROMISC flag.

It turns out, however, that my strategy of replacing BPF with netgraph
is flawed. All of the drivers I looked at contain code something like
this (from if_de.c):

    if ((sc->tulip_flags & (TULIP_PROMISC|TULIP_HASHONLY))
            && (eh.ether_dhost[0] & 1) == 0
            && !TULIP_ADDREQUAL(eh.ether_dhost, sc->tulip_enaddr))
        goto next;
    accept = 1;
    ...
  next:
    ...
    if (accept)
        ether_input(ifp, &eh, ms);

Clearly, the idea is that BPF is the only consumer of promiscuous-mode
packets and that ether_input() should not be called with packets that
wouldn't otherwise be seen when the interface is in promiscuous mode.

So, I'm trying to understand how all these pieces fit together. Is it
the responsibility of every network driver to keep ether_input() from
seeing all these promiscuous-mode only packets? Wouldn't it be more
efficient to collect these tests inside the ether_input() routine? Of
course, this would then make it easier for me to move the
ngether_send() call up before the IFF_PROMISC test and discard of the
packets.

Has no one ever tried netgraph with a promiscuous interface before?
Naturally, this would not be the usual PPPoE setup, but I thought
netgraph is supposed to be useful for myriad network tasks beyond just
PPPoE or HDLC. Am I the only one ambitious enough to try something
like this?

I'll be pondering further how to make things work, but I could
certainly use some pointers and some architectural insight...

Tom Pavel

Network Physics
pavel@networkphysics.com / pavel@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
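
The centralized filtering idea raised in the message above, as an added userland C model (not code from the original message or from FreeBSD): the tap and hook counters see every frame, while the stack sees only frames the station would accept without promiscuous mode. `model_if`, `model_ether_input`, `promisc_only` and `M_IFF_PROMISC` are hypothetical names, and the MAC addresses are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6
#define M_IFF_PROMISC  0x1      /* hypothetical flag for this model */

struct model_if {               /* hypothetical stand-in for struct ifnet */
    uint8_t  enaddr[ETHER_ADDR_LEN];
    unsigned flags;
    unsigned to_tap, to_hook, to_stack;   /* per-consumer frame counters */
};

/* True when the frame was received only because the NIC is promiscuous:
 * unicast (group bit clear) and not addressed to this station. */
static int promisc_only(const struct model_if *ifp, const uint8_t *dhost)
{
    return (ifp->flags & M_IFF_PROMISC) &&
           (dhost[0] & 1) == 0 &&
           memcmp(dhost, ifp->enaddr, ETHER_ADDR_LEN) != 0;
}

/* Centralized input path: the tap and the hook see every frame, and the
 * promiscuous-only discard happens once, just before the protocol stack.
 * Returns 1 if the frame reached the stack, 0 if it was discarded. */
static int model_ether_input(struct model_if *ifp, const uint8_t *dhost)
{
    ifp->to_tap++;              /* BPF-style tap */
    ifp->to_hook++;             /* netgraph-style hook, placed before the discard */
    if (promisc_only(ifp, dhost))
        return 0;               /* keep foreign unicast away from the host stack */
    ifp->to_stack++;
    return 1;
}

int main(void)
{
    /* Constructed sample addresses. */
    struct model_if ifp = { {0x00,0x11,0x22,0x33,0x44,0x55}, M_IFF_PROMISC, 0, 0, 0 };
    const uint8_t frames[3][ETHER_ADDR_LEN] = {
        {0x00,0x11,0x22,0x33,0x44,0x55},   /* unicast to this station */
        {0xff,0xff,0xff,0xff,0xff,0xff},   /* broadcast */
        {0x00,0xaa,0xbb,0xcc,0xdd,0xee},   /* foreign unicast */
    };
    for (int i = 0; i < 3; i++)
        printf("frame %d -> stack=%d\n", i, model_ether_input(&ifp, frames[i]));
    printf("tap=%u hook=%u stack=%u\n", ifp.to_tap, ifp.to_hook, ifp.to_stack);
    return 0;
}
```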