Date: Sat, 12 Jan 2008 17:32:19 +1100
From: Lawrence Stewart <lstewart@freebsd.org>
To: Subhash Gopinath <subhashg.unix@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: netgraph question
Message-ID: <47885EF3.8070104@freebsd.org>
In-Reply-To: <5db9d2e0801112010s55812b20p6a43f0fbb5cddd17@mail.gmail.com>
References: <5db9d2e0801112010s55812b20p6a43f0fbb5cddd17@mail.gmail.com>

Hi Subhash,

Subhash Gopinath wrote:
> Hello folks,
>
> I am looking at writing an application program to tap certain ipv6 packets
> (say icmpv6) using netgraph. The application has to do some processing,
> before kernel can proceed with those packets.
>
> I have vaguely understood netgraph, and I see that I need a ng_socket node
> in the application, an ng_bpf node, and an ng_ether or ng_iface node in the
> kernel.
>
> My question is, would I need to create such nodes for each interface? Then
> it becomes unscalable.
> Can I have just one socket, bpf, iface node that can tap icmpv6 packets on
> all interfaces?

The PFIL(9) interface might also be of interest to you. If all you need
to do is packet interception and then allow/deny packets based on the
results of some processing, PFIL might be the way to go.

We wrote some code (SIFTR [1]) which uses PFIL in a similar capacity and
you may want to refer to it as an example.

Cheers,
Lawrence

[1] http://caia.swin.edu.au/urp/newtcp/tools.html