A netgraph question.

Julian Elischer julian at elischer.org
Sat Nov 1 17:35:17 PDT 2008 

Joe Pellegrino wrote:
> 
> OK so here it goes. I actually have two seperate questions involving 
> netgraph, I am new to this subject so please bare with me. If there is a 
> better way to achieve these goals too, please suggest them but I think 
> netgraph is the way to go.
> 

I'll try answer your questions..

> The first part involves allowing a userland program to communicate with 
> a kernel module, similar to how netlink works in Linux. The second part 
> involves intercepting network packets and possibly manipulating them 
> before they are allowed to proceed, similar to how netfilter works. I 
> believe I can do both of these with the netgraph (ng_socket and possibly 
> ng_ether). I haven't looked closely at ng_ether yet so I'll focus on 
> ng_socket.
> 
> I have been able to create a ng_socket (Control and Data) using the 
> socket call as described in "All About NetGraphs" and the man page. I've 
> also been able to 'name' the node using bind. I was able to verify this 
> using ngctl. I know (from the man page) I should eventually be able to 
> send/receive using the sendto/recvfrom functions once the connection is 
> established. But beyond this I don't know how to proceed. So the 
> question is what are the next steps. For example:
> 
> Although I see a named netgraph node there are no hooks. ng_socket says 
> it supports an arbitrary number of hooks so how do I create the hooks? 
> Then of course how do I connect them.

Hooks are created on demand..
you need to send a 'connect' or 'mkpeer' message to the node(s)
  on which you want t script level, you just use the ngctl program
to do it for you.

Hooks are always made in pairs. so you need two nodes to connect.
The mkpeer message does this for you, and creates a new node and 
connects them together by two hooks of the names you specify.

Have you looked at the sample netgraph scripts in 
/usr/share/examples/netgraph?


> 
> Of course I realize that I proabably need to create a node on the kernel 
> side so which type of netgraph node would be suggested? How is it 
> created and then hooked to the ng_socket? 

for fun you could use the ng_echo node type which would send 
everything you want back to you..

Alternatively when you kldload the ng-ether node type, then all the 
ethernets will grow nodes to match them so you can connect to them 
directly.

You could connect an ng_bpf (packet filter) node to the ng_ether node
and pass specific packets only on to the socket.

I'm not sure if teh bpf filter assumes it has the whole packet or just 
the IP packet, but assuming your interface was em0,
so you could do something like:

# hook the 'lower' hook of em0 to the bpf filter.
ngctl mkpeer 'em0' bpf lower input

#name the bpf node so we can reference it easily
ngctl name em0.lower filter

# connect the upper part of the filter to the ethernet
# so that packets not accepted are sent on as before
ngctl connect em0 filter upper nomatch

# we need to connect the 'match' hook of the filter to something
# that we can connect to later so use a 'tee' node as a paperweight.
ngctl mkpeer filter tee match left
ngctl name filter.match paperweight

# now program the bpf node's 'input' hook  to filter packets
# as shown in the ng_bpf man page
[steal code from ng_bpf man page]

# program the 'match' hook with a null program to pass it's packets
# (outgoing packets) straight back to 'lower'
[steal code from ng_bpf man page]
# now connect to the 'right' hook  of the tee
# to get output.

nghook -a paperweight right

you should now have hex encoded output of all packets you have 
selected by the bpf filter.

the weakness of this is that I'm not sure if the ng_bpf node handles
ethernet packets.. yo may need ot use some other node..



if you want to write your own node, start with the code in 
/usr/src/sys/netgraph/ng_sample.c

to compile it, go to /usr/src/sys/modules/netgraph
and copy one of the existing directories
modify the makefile  to reference you new file
and use 'make'



> 
> Again I am looking to allow some IPC between a userland program and a 
> kernel module similar to the Linux netlink. I've been through most man 
> pages and can't seem to find a lot of good documentation or example code 
> so I am hoping to get some pointers here. BTW If this is the wrong list 
> please directly to the right place to ask. Thanks in advance.

not sure what netlink does..
(will look on google :-)

> 
> ---jdp
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list