[netgraph] ng_bpf filter large list of IP addresses

Reshad Patuck reshadpatuck1 at gmail.com
Sun Apr 1 08:36:09 UTC 2018


Hi Eugene,

Thanks for your quick reply.

The issue that I am facing is this: for a list of 250 IP addresses, I can generate a bpf filter that works when I specify it on the command line.
```
# ngctl msg em1-bpf: setprogram { thisHook=\"in\" ifMatch=\"out\" bpf_prog_len=258 bpf_prog=[ { code=40 jt=0 jf=0 k=12 } 
```

But when I try to use `-f` or the `read` command, either for a file on disk, an echo pipe, or a STDIN redirect, I get this error:
```
ngctl: send msg: Invalid argument
ngctl: line 1: error in file
```

This is odd because when I specify arguments via the terminal (under the kern.argmax limit) everything works fine.

Here are my sysctls for netgraph and bpf.
```
# sysctl net.graph
net.graph.control.proto: 2
net.graph.data.proto: 1
net.graph.family: 32
net.graph.recvspace: 9000000
net.graph.maxdgram: 5120000
net.graph.msg_version: 8
net.graph.abi_version: 12
net.graph.maxdata: 4096
net.graph.maxalloc: 4096
net.graph.threads: 8
# sysctl net.bpf
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096
net.bpf.optimize_writers: 0
net.bpf.zerocopy_enable: 0
net.bpf.maxinsns: 512000
```

Best regards,

Reshad

On 31 March 2018 7:42:13 PM IST, Eugene Grosbein <eugen at grosbein.net> wrote:
>31.03.2018 20:46, Reshad Patuck wrote:
>
>[skip]
>
>> Please let me know what I am doing wrong with the ngctl config file
>and if there is another way,
>> maybe something more direct to load a binary bpf filter directly into
>ng_bpf.
>
>[skip]
>
>Please read ngctl(8) manual page carefully. There are other ways.
>First, you may move all arguments to ngctl from command line to a file
>and run ngctl -f filename.
>Second, as for many other utilities, you can use dash (-) instead of
>filename to make ngctl
>read its arguments from standard input, e.g. this is the same as "ngctl
>ls":
>
># echo ls | ngctl -f -
>There are 9 total nodes:
>Name: em0             Type: ether           ID: 00000001   Num hooks: 0
>
>Then, for shell script, you can use << such as:
>
>#!/bin/sh
>
>ngctl -f - << EOF
>msg em1-bpf: setprogram $program
>EOF
>
>All these methods impose no limits on size of such control messages.
>
>However, there is loader tunable net.graph.maxdgram that imposes
>another
>limit on size of binary representation of control message that ngctl
>passes to a kernel
>and you may need to increase it at some point. I increase it up to 8
>megabytes for my purposes.
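As an added example (not code from this thread or from the netgraph project), here is a Python generator for the `setprogram` line that `ngctl -f` reads, building the allow-list filter on IPv4 source address the way the quoted `{ code= jt= jf= k= }` message does, together with a tiny interpreter that checks the jump offsets on a constructed frame. The opcode values are the classic BPF ones from <net/bpf.h>, the `ifNotMatch` field is taken from ng_bpf's hook-program structure rather than from the page, and the node name, hook names and addresses are placeholders.

```python
import ipaddress

# Classic BPF opcodes from <net/bpf.h>; 40 (0x28) is the "code=40 ... k=12" ethertype load in the thread
LDH_ABS = 0x28        # BPF_LD|BPF_H|BPF_ABS: A = 16-bit word at [k]
LD_ABS = 0x20         # BPF_LD|BPF_W|BPF_ABS: A = 32-bit word at [k]
JEQ_K = 0x15          # BPF_JMP|BPF_JEQ|BPF_K: pc += jt if A == k else jf
RET_K = 0x06          # BPF_RET|BPF_K: return k (bytes to accept; 0 = drop)
SRC_IP_OFF = 26       # 14-byte Ethernet header + 12 (ip_src)
ACCEPT, DROP = 65535, 0

def bpf_src_in(addrs):
    """(code, jt, jf, k) tuples: accept IPv4 frames whose ip_src is in addrs."""
    n = len(addrs)
    insns = [
        (LDH_ABS, 0, 0, 12),              # A = ethertype
        (JEQ_K, 0, n + 1, 0x0800),        # not IPv4 -> jump to the drop
        (LD_ABS, 0, 0, SRC_IP_OFF),       # A = ip_src
    ]
    for i, a in enumerate(addrs):         # match -> jump past drop to accept
        insns.append((JEQ_K, n - i, 0, int(ipaddress.IPv4Address(a))))
    insns.append((RET_K, 0, 0, DROP))     # fell through every compare
    insns.append((RET_K, 0, 0, ACCEPT))
    return insns

def ngctl_setprogram(node, in_hook, match_hook, insns):
    """One ngctl script line for `ngctl -f file`; same fields as the thread's command line, minus the shell escapes."""
    prog = " ".join(f"{{ code={c} jt={jt} jf={jf} k={k} }}" for c, jt, jf, k in insns)
    return (f'msg {node}: setprogram {{ thisHook="{in_hook}" ifMatch="{match_hook}" '
            f'ifNotMatch="" bpf_prog_len={len(insns)} bpf_prog=[ {prog} ] }}')

def run_bpf(insns, pkt):
    """Tiny interpreter for the four opcodes above, to check the jump offsets."""
    pc, acc = 0, 0
    while True:
        code, jt, jf, k = insns[pc]
        pc += 1
        if code == LDH_ABS:
            acc = int.from_bytes(pkt[k:k + 2], "big")
        elif code == LD_ABS:
            acc = int.from_bytes(pkt[k:k + 4], "big")
        elif code == JEQ_K:
            pc += jt if acc == k else jf
        elif code == RET_K:
            return k

def ipv4_frame(src):
    """Constructed 34-byte frame: Ethernet header + minimal IPv4 header."""
    return (b"\x00" * 12 + b"\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 8
            + ipaddress.IPv4Address(src).packed + b"\x00" * 4)
```

Write the returned line to a file and load it with `ngctl -f file` (or through the heredoc form shown above); the whole message stays on one line, as in the quoted examples.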

