netgraph question : how to intercept incoming IP packets of a certain type?

Julian Elischer julian at elischer.org
Wed Mar 2 11:50:35 PST 2005



Ruslan Ermilov wrote:

>On Tue, Mar 01, 2005 at 10:47:07PM -0500, Aziz KEZZOU wrote:
>
>>Hi folks,
>>Here is what I want to do: "Intercept all incoming IP packets on an
>>Ethernet interface of a certain type (e.g. RSVP) and call my own
>>function to process, all inside the kernel"
>>
>>Netgraph nodes: ng_iface, ng_bpf (and probably ng_ether) look
>>promising for this task but I cannot figure out how to do it in
>>practice...
>>
>>Any help is appreciated. Thanks,
>>
>I thought Julian already answered this...
>

You can do it even without ng_ipfw.

Use ng_ksocket to open a divert socket and
use ipfw divert to send packets to it.

>You can do this with ng_ipfw(4) in -CURRENT.  Or you can filter
>(with ng_bpf(4)) the packets of interest and forward them
>somewhere.  Example:
>
> +---v
> | (upper)
> |  rl0: [ng_ether]
> | (lower)
> |   ^
> |   |
> |   v
> | (lower)
> | bpf_rl0: [ng_bpf]
> | (upper)
> +---^
>
>[bpf] should be configured to forward matching packets received on
>"lower" to some other hook, and non-matching packets to "upper".
>Similarly for packets received on "upper", forward packets of
>interest to some other hook, and non-matching packets to "lower".
>
>
>Cheers,
>  
>
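
The ng_bpf match described in the quoted reply, worked for the RSVP case from the original question, as an added example (not code from this thread or from FreeBSD): a classic BPF program for "Ethernet, IPv4, protocol 46" plus a small stand-in interpreter so it runs offline. The hook name `rsvp`, the function names and the sample frames are assumptions; untagged Ethernet framing is assumed, as seen on the ng_ether "lower" hook.

```c
#include <stdint.h>
#include <string.h>

/* Classic BPF instruction layout: opcode, jump-if-true, jump-if-false, operand. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
/* Match untagged Ethernet frames carrying IPv4 with protocol 46 (RSVP). */
static const struct insn rsvp_prog[] = {
    { LD_H_ABS, 0, 0, 12 },     /* A = EtherType */
    { JEQ_K,    0, 3, 0x0800 }, /* not IPv4: jump to "no match" */
    { LD_B_ABS, 0, 0, 23 },     /* A = IPv4 protocol byte (14 + 9) */
    { JEQ_K,    0, 1, 46 },     /* not RSVP: jump to "no match" */
    { RET_K,    0, 0, 0xffff }, /* match */
    { RET_K,    0, 0, 0 },      /* no match */
};

/* Runs the four opcodes used above; a load past the frame end means no match. */
static uint32_t run_filter(const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < sizeof rsvp_prog / sizeof rsvp_prog[0]; pc++) {
        const struct insn *i = &rsvp_prog[pc];
        switch (i->code) {
        case LD_H_ABS:
            if (i->k + 2 > len) return 0;
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LD_B_ABS:
            if (i->k >= len) return 0;
            a = pkt[i->k]; break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        }
    }
    return 0;
}

/* Hook a frame received on "lower" is forwarded to ("rsvp" is hypothetical). */
static const char *hook_from_lower(const uint8_t *pkt, size_t len)
{
    return run_filter(pkt, len) ? "rsvp" : "upper";
}

/* Constructed sample: minimal Ethernet + IPv4 header, all other bytes zero. */
static size_t make_frame(uint8_t *buf, uint16_t ethertype, uint8_t proto)
{
    memset(buf, 0, 34);
    buf[12] = ethertype >> 8; buf[13] = ethertype & 0xff;
    buf[14] = 0x45; buf[23] = proto;
    return 34;
}
```

Non-matching and truncated frames fall through to `upper`, so the host stack keeps seeing everything except the diverted RSVP packets.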

