linux PF_PACKET compatibility
Julian Elischer
julian at freebsd.org
Fri Feb 11 16:48:36 UTC 2011
On 2/11/11 5:40 AM, Da Rock wrote:
> On 02/11/11 19:54, Vlad Galu wrote:
>>
>>
>> On Fri, Feb 11, 2011 at 11:36 AM, Da Rock
>> <freebsd-hackers at herveybayaustralia.com.au> wrote:
>>
>> On 02/11/11 18:17, Julian Elischer wrote:
>>
>> On 2/10/11 11:22 PM, Da Rock wrote:
>>
>> "In recent versions of the Linux kernel (post-2.0
>> releases) a new protocol family has been introduced,
>> named PF_PACKET. This family allows an application to
>> send and receive packets dealing directly with the
>> network card driver, thus avoiding the usual protocol
>> stack-handling (e.g., IP/TCP or IP/UDP processing).
>> That is, any packet sent through the socket will be
>> directly passed to the Ethernet interface, and any
>> packet received through the interface will be directly
>> passed to the application."
>>
>> I've been chasing the answer to a FreeBSD version of
>> this (approx. anyway), but I needed to find out what
>> exactly PF_PACKET was first. Finally found this answer
>> here: http://www.linuxjournal.com/article/4659
>>
>> I looked up man socket and I can see possibilities (in
>> my mind anyway), but I thought I'd be best to check if
>> the gurus here might have a better idea. My reason for
>> this is I'm attempting to build l2tpns (which
>> supposedly builds on 7.3?! with no trouble), and I'm
>> chasing the errors which appear to be linuxisms mostly.
>>
>> So in man socket simply looking at the list of protocol
>> families I'd say network driver level would be similar
>> to PF_LINK link layer interface? Is there another man
>> page I should be looking at as well?
>>
>>
>> We don't have an exact equivalent.. but we have ways of
>> doing the same thing.
>> one way that is suggested is to use pcap and bpf which I am
>> pretty certain has been enhanced to allow sending as
>> well as receiving.
>> you can also hook directly to the interface using netgraph(4)
>> there are other ways too but those are the two that came to
>> mind immediately.
>>
>> So I'm going to have to rewrite that interface entirely?
>> Bugger! I just can't fathom how this howto could even exist for
>> l2tpns on FreeBSD if it isn't even close to buildable... weird!
>>
>> http://kuapp.com/2010/07/14/how-to-setup-l2tpipsec-vpn-on-freebsd.html
>>
>> Thanks guys. I'll probably come back with more problems as I
>> slowly crack this one... :)
>>
>>
>> I suppose you could just use mpd :)
> I could, I guess. But where's the fun in that? :)
>
> Seriously, though, mpd didn't quite cut it (I thought) for me. I
> need a l2tp vpn server with the capability to handle multiple
> clients with only one interface. The server is behind a firewall,
> and I'm trying for a "walled garden" variety I guess. So far my
> research has brought me here, but I'm open to suggestions.
why do you think you need only one interface?
>
> One other that has my attention is l2tpd (in ports). I want radius
> auth, so IF I can use pppd in base and radius (which as I
> understand- so far anyway- it needs), and only uses a single
> interface, then maybe.
pppd in base will I think give you multiple interfaces..
>
> I'm still hunting and playing- learning on the fly. From what I read
> mpd uses an ng interface for every single client. L2tpns doesn't,
> and from what I've read so far neither does l2tpd (I was actually
> looking at another fork of that xl2tpd). I could use some advice
> from someone with experience with this, but my feelers on -questions
> didn't get much response. I may try on -net if this fails...
again, what's with the single interface?
>
> Aside from that I also wanted to get a bit more of a hands on feel
> for the FreeBSD core. I can't sit on the sidelines yelling at the
> players any more :) I'm not much for spectator sport either...
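
The bpf route suggested above, shown next to the Linux PF_PACKET call it would replace when porting. This is an added example, not part of the thread and not code from l2tpns or FreeBSD. The names build_frame and link_open, the 60-byte padding, and the use of the cloning /dev/bpf node are assumptions made for the illustration.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <netpacket/packet.h>   /* struct sockaddr_ll */
#else
#include <net/bpf.h>            /* BIOCSETIF, BIOCSHDRCMPLT */
#endif

/* Build an Ethernet II frame, zero-padded to 60 bytes; returns length, 0 on error. */
size_t build_frame(unsigned char *out, size_t cap, const unsigned char dst[6],
                   const unsigned char src[6], unsigned short ethertype,
                   const void *payload, size_t plen)
{
    size_t len = plen < 46 ? 60 : 14 + plen;
    if (plen > 1500 || cap < len) return 0;
    memset(out, 0, len);
    memcpy(out, dst, 6);
    memcpy(out + 6, src, 6);
    out[12] = (unsigned char)(ethertype >> 8);
    out[13] = (unsigned char)(ethertype & 0xff);
    memcpy(out + 14, payload, plen);
    return len;
}

/* Return an fd bound to ifname, or -1. Needs root (or CAP_NET_RAW on Linux). */
int link_open(const char *ifname)
{
#ifdef __linux__
    struct sockaddr_ll sll;
    int fd = socket(PF_PACKET, SOCK_RAW, htons(0x0003));   /* ETH_P_ALL */
    if (fd < 0) return -1;
    memset(&sll, 0, sizeof sll);
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(0x0003);
    sll.sll_ifindex = (int)if_nametoindex(ifname);
    if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
#else
    struct ifreq ifr;
    unsigned int one = 1;            /* we supply the source MAC ourselves */
    int fd = open("/dev/bpf", O_RDWR);   /* assumed: cloning bpf device node */
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name - 1);
    if (ioctl(fd, BIOCSETIF, &ifr) < 0 || ioctl(fd, BIOCSHDRCMPLT, &one) < 0) {
#endif
        close(fd);
        return -1;
    }
    return fd;
}
```

After link_open succeeds, write(fd, frame, len) sends a complete frame on either system. Reads differ: bpf returns each packet prefixed with a struct bpf_hdr, while a PF_PACKET socket returns the bare frame.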