[netgraph] ng_bpf filter large list of IP addresses
Eugene Grosbein
eugen at grosbein.net
Wed Apr 25 15:15:23 UTC 2018
25.04.2018 21:40, Reshad Patuck пишет:
> Hey,
>
> I have tried to write some c code to add a bpf filter to my ng_bpf node, but its just segfaulting.
> My c is not good enough to debug this.
>
> What baffles me is that when I load a filter for 250 IP addresses using the command in this link https://paste.ee/d/BHOoG/3 it loads fine.
> If I use 'ngctl -f' with the file in this link https://paste.ee/d/BHOoG/2 I get an error saying 'ngctl: send msg: Invalid argument; ngctl: line 1: error in file'
> The BPF filter and arguments in that command are exactly the same.
>
> My problem is that I need to load thousands of IP addresses in a blocking filter, which I am not able to pass over a command line because the list becomes too long and I hit either the kern.argmax limit of 262144 bytes or the LINE_MAX (2048) for ngctl.
>
> I can share the c code I am using to attempt this using NgSendAsciiMsg(), but I don't think that would be too useful.
Have you tried changing limits in ngctl's sources and recompile it?
More information about the freebsd-net
mailing list