netgraph question

Lawrence Stewart lstewart at freebsd.org
Fri Jan 11 23:02:18 PST 2008


Hi Subhash,

Subhash Gopinath wrote:
> Hello folks,
> 
> I am looking at writing an application program to tap certain ipv6 packets
> (say icmpv6) using netgraph. The application has to do some processing,
> before kernel can proceed with those packets.
> 
> I have vaguely understood netgraph, and I see that I need a ng_socket node
> in the application, an ng_bpf node, and an ng_ether or ng_iface node in the
> kernel.
> 
> My question is: would I need to create such nodes for each interface? Then
> it becomes unscalable.
> Can I have just one socket, bpf, iface node that can tap icmpv6 packets on
> all interfaces?

The PFIL(9) interface might also be of interest to you. If all you need 
to do is packet interception and then allow/deny packets based on the 
results of some processing, PFIL might be the way to go. We wrote some 
code (SIFTR [1]) which uses PFIL in a similar capacity and you may want 
to refer to it as an example.

Cheers,
Lawrence

[1] http://caia.swin.edu.au/urp/newtcp/tools.html


More information about the freebsd-hackers mailing list