Date:      Tue, 10 Oct 2006 10:08:00 -0700
From:      "pete wright" <nomadlogic@gmail.com>
To:        "Eduardo Meyer" <dudu.meyer@gmail.com>
Cc:        stable@freebsd.org
Subject:   Re: Netgraph - ng_bpf help (first experience)
Message-ID:  <57d710000610101008h47c96971v35b5483ca6052fad@mail.gmail.com>
In-Reply-To: <d3ea75b30610100938k5fe929a7n3641b469b16c8bd1@mail.gmail.com>
References:  <d3ea75b30610100938k5fe929a7n3641b469b16c8bd1@mail.gmail.com>

On 10/10/06, Eduardo Meyer <dudu.meyer@gmail.com> wrote:
> Hello,
>
> I tried asking it on freebsd-ipfw@ but I got no luck. Maybe because
> this is related to Netgraph and not ipfw essentially.
>
> I want to use ng_bpf to use ng_tag to use ipfw-tag. Looks like lego,
> where I have to assemble my toy, but I liked Lego when I was a child.
>
> Following ng_bpf(4) man page I ran this script:
>
> PATTERN="(ether[40:4]=0x134e5844 &&
>          ether[44:4]=0x6f6d6169 &&
>          ether[48:4]=0x6e0a)"
>
>  NODEPATH="my_node:"
>  INHOOK="hook1"
>  MATCHHOOK="hook2"
>  NOTMATCHHOOK="hook3"
>
>  cat > /tmp/bpf.awk << xxENDxx
>  {
>   if (!init) {
>     printf "bpf_prog_len=%d bpf_prog=[", \$1;
>     init=1;
>   } else {
>     printf " { code=%d jt=%d jf=%d k=%d }", \$1, \$2, \$3, \$4;
>   }
>  }
>  END {
>   print " ]"
>  }
>  xxENDxx
>
>         BPFPROG=`tcpdump -s 8192 -ddd ${PATTERN} | awk -f /tmp/bpf.awk`
>         ngctl msg ${NODEPATH} setprogram { thisHook=\"${INHOOK}\" \
>   ifMatch=\"${MATCHHOOK}\" \
>   ifNotMatch=\"${NOTMATCHHOOK}\" \
>   ${BPFPROG} } }
>
> But I got this message:
>
> ngctl: send msg: No such file or directory
>

Are you sure you are able to write to /tmp? This error looks like it
is not able to read /tmp/bpf.awk.

> I printed the full command that returns the error; it is:
>
> ngctl msg setprogram { thisHook="" ifMatch="" ifNotMatch=""
> bpf_prog_len=8 bpf_prog=[ { code=32 jt=0 jf=0 k=40 } { code=21 jt=0
> jf=5 k=323901508 } { code=32 jt=0 jf=0 k=44 } { code=21 jt=0 jf=3
> k=1869439337 } { code=32 jt=0 jf=0 k=48 } { code=21 jt=0 jf=1 k=28170
> } { code=6 jt=0 jf=0 k=8192 } { code=6 jt=0 jf=0 k=0 } ] } }
>

I suspect this is what the contents of /tmp/bpf.awk are. If not, maybe
post that to the thread....

-pete

-- 
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group
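
The printed command in the quoted message shows `thisHook=""`, `ifMatch=""`, `ifNotMatch=""` and no node path after `msg`. The following is an added example, not part of the original message or of ng_bpf(4): it builds the `setprogram` argument from `tcpdump -ddd` style text and refuses to produce a command when a name is empty or the instruction count is inconsistent. The function names and the all-four-names-required policy are assumptions of this example.

```sh
#!/bin/sh
# Added example. Sample input is constructed from the instruction values
# printed in the quoted message; node and hook names are the script's own.

# `tcpdump -ddd` style text: instruction count, then "code jt jf k" per line.
sample_ddd() {
    cat <<'EOF'
8
32 0 0 40
21 0 5 323901508
32 0 0 44
21 0 3 1869439337
32 0 0 48
21 0 1 28170
6 0 0 8192
6 0 0 0
EOF
}

# stdin: -ddd text. stdout: "bpf_prog_len=N bpf_prog=[ {...} ... ]".
# Exits non-zero on non-numeric fields or when the declared count differs
# from the number of instruction lines read.
ddd_to_bpfprog() {
    awk '
    NR == 1 { n = $1 + 0; printf "bpf_prog_len=%d bpf_prog=[", n; next }
    NF == 4 && $0 !~ /[^0-9 ]/ {
        printf " { code=%s jt=%s jf=%s k=%s }", $1, $2, $3, $4; c++; next
    }
    { bad = 1 }
    END { print " ]"; if (bad || n == 0 || c != n) exit 1 }'
}

# Args: node path, input hook, match hook, no-match hook; stdin: -ddd text.
# This example's policy: all four names must be non-empty, so a command with
# thisHook="" and no node path is rejected before it reaches ngctl.
build_setprogram() {
    for v in "$1" "$2" "$3" "$4"; do
        [ -n "$v" ] || { echo "empty node path or hook name" >&2; return 1; }
    done
    prog=$(ddd_to_bpfprog) || { echo "malformed -ddd input" >&2; return 1; }
    printf '%s setprogram { thisHook="%s" ifMatch="%s" ifNotMatch="%s" %s }\n' \
        "$1" "$2" "$3" "$4" "$prog"
}

# Print the words that would follow `ngctl msg`.
sample_ddd | build_setprogram my_node: hook1 hook2 hook3
```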


