[netgraph] ng_bpf filter large list of IP addresses
Reshad Patuck (reshadpatuck1 at gmail.com)
Sat Mar 31 13:46:07 UTC 2018

Hey,
I am trying to load a bpf filter into netgraph's ng_bpf for filtering out thousands of separate individual IP addresses.
I am using a simple C program to generate output that I can load into ng_bpf using a shell.
This works fine for up to a list of about 250 IP addresses, but as I get up to larger IP lists I hit kern.argmax (262144 bytes).
Whenever I try to load a larger filter into ng_bpf using a file I run into an error saying:
```
ngctl: send msg: Invalid argument
ngctl: line 1: error in file
```
I have attached debug output for the same.
My ng_bpf node 'em1-bpf' has two hooks, 'in' and 'out'.
I have linked to a paste with the following files:
- ngtl-command -> the ngctl command which runs correctly from a command line
- ngctl-config -> the ngctl config file with the same filter
- bpf.c -> a C file that takes netgraph node details and a pcap-filter and converts them to a ngctl command
- ngctl -> debug 5 in a ngctl shell for running the config file
Please let me know what I am doing wrong with the ngctl config file and if there is another way, maybe something more direct to load a binary bpf filter directly into ng_bpf.
As a hack around this I plan to have two ng_bpfs with multiple nodes between themselves filtering parts of the IP list.
This works but I am not sure of the performance implications of this.
Any suggestions, improvements, or general tips would be really helpful.
Link to files:
https://paste.ee/p/BHOoG
Thanks and best regards,
Reshad
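
An added example, not part of the original post and not the poster's bpf.c: one way to generate the `setprogram` line for a source-address blocklist directly as classic BPF instructions, in the form used in an ngctl command file. The message field names follow ng_bpf(4); the node `em1-bpf` and hooks `in`/`out` are from the post, while `build_blocklist`, `format_setprogram`, the untagged-Ethernet offsets, the sample addresses, and dropping matches through an empty `ifMatch` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Same fields as struct bpf_insn in <net/bpf.h>, redefined to build anywhere. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LD_ABS = 0x20, JEQ_K = 0x15, RET_K = 0x06 }; /* cBPF opcodes */

/* Program returns 1 when the IPv4 source address (host byte order in ips[]) of
 * an untagged Ethernet frame is listed, else 0. jt/jf are 8 bits wide, so every
 * test gets its own "ret" rather than a far jump. out[] holds 2*n + 5 entries. */
size_t build_blocklist(const uint32_t *ips, size_t n, struct insn *out)
{
    size_t len = 0;
    out[len++] = (struct insn){ LDH_ABS, 0, 0, 12 };     /* load EtherType */
    out[len++] = (struct insn){ JEQ_K, 1, 0, 0x0800 };   /* IPv4: skip the ret */
    out[len++] = (struct insn){ RET_K, 0, 0, 0 };        /* not IPv4: no match */
    out[len++] = (struct insn){ LD_ABS, 0, 0, 26 };      /* load IPv4 source */
    for (size_t i = 0; i < n; i++) {
        out[len++] = (struct insn){ JEQ_K, 0, 1, ips[i] }; /* equal: fall into ret */
        out[len++] = (struct insn){ RET_K, 0, 0, 1 };      /* listed: match */
    }
    out[len++] = (struct insn){ RET_K, 0, 0, 0 };        /* not listed: no match */
    return len;
}

/* Write the setprogram line (assumed policy: matches dropped, the rest sent to
 * "out"). Returns the full length needed; output is truncated if that >= cap. */
size_t format_setprogram(char *buf, size_t cap, const struct insn *p, size_t n)
{
    size_t off = 0;
#define EMIT(...) off += (size_t)snprintf(off < cap ? buf + off : NULL, \
                                          off < cap ? cap - off : 0, __VA_ARGS__)
    EMIT("msg em1-bpf: setprogram { thisHook=\"in\" ifMatch=\"\" "
         "ifNotMatch=\"out\" bpf_prog_len=%zu bpf_prog=[", n);
    for (size_t i = 0; i < n; i++)
        EMIT(" { code=%u jt=%u jf=%u k=%u }", (unsigned)p[i].code,
             (unsigned)p[i].jt, (unsigned)p[i].jf, (unsigned)p[i].k);
    EMIT(" ] }\n");
    return off;
}

int main(void)
{
    /* Constructed sample addresses from 192.0.2.0/24 (documentation range). */
    uint32_t ips[] = { 0xC0000201, 0xC0000202, 0xC0000203 };
    struct insn prog[2 * 3 + 5];
    char line[1024];
    format_setprogram(line, sizeof line, prog, build_blocklist(ips, 3, prog));
    return fputs(line, stdout) < 0;
}
```

Calling `format_setprogram(NULL, 0, prog, n)` returns the length of the line without writing it, which gives the size to compare against kern.argmax before the message is passed on a command line.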
    
    