From owner-freebsd-net@FreeBSD.ORG Wed Jul 9 12:34:04 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C71F37B401 for ; Wed, 9 Jul 2003 12:34:04 -0700 (PDT) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6169443FA3 for ; Wed, 9 Jul 2003 12:34:03 -0700 (PDT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (IDENT:brdavis@localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.12.9/8.12.3) with ESMTP id h69JXrib018544; Wed, 9 Jul 2003 12:33:53 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.12.9/8.12.3/Submit) id h69JXrhJ018542; Wed, 9 Jul 2003 12:33:53 -0700 Date: Wed, 9 Jul 2003 12:33:53 -0700 From: Brooks Davis To: kw3wong@engmail.uwaterloo.ca Message-ID: <20030709193353.GA17128@Odin.AC.HMC.Edu> References: <1057778632.3f0c6bc8af474@www.nexusmail.uwaterloo.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline In-Reply-To: <1057778632.3f0c6bc8af474@www.nexusmail.uwaterloo.ca> User-Agent: Mutt/1.5.4i X-Virus-Scanned: by amavisd-milter (http://amavis.org/) on odin.ac.hmc.edu cc: freebsd-net@freebsd.org cc: dsze@engmail.uwaterloo.ca Subject: Re: Question about bridging code X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2003 19:34:04 -0000 --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 09, 2003 at 03:23:52PM -0400, kw3wong@engmail.uwaterloo.ca wrot= e: > Hi guys, >=20 > My first attempts at hacking FreeBSD kernel code has not been very fruitf= ul, so=20 > I'm hoping someone with more experience and knowhow might be able to poin= t out=20 > the mistakes that I'm making. >=20 > Firstly, let me explain what I'm trying to do. I'm currently working on a= =20 > University project that performs some type of transformation (compression= ,=20 > security, string replacement, etc) on packets as they pass through the sy= stem.=20 > The current setup has the FreeBSD machine configured as a router, and the= =20 > transformation is performed on packets that are routed. This is done via = divert=20 > sockets and everything is fine and dandy, we're getting great results fro= m this=20 > setup. >=20 > However, what we want to do next is to have the machine setup as a ethern= et=20 > bridge instead, and the transformation is to be performed on the bridged= =20 > packets. Unfortunately, as most of you probably know, divert sockets do n= ot=20 > work with bridges as of yet. Since you are paying the price of pulling all packets into userland anyway, I'd suggest you just do the bridging in userland. You can use bpf to send and recieve packets on each interface and then bridge and process them in your application. I did this a while back and the whole thing took about 1400 lines of code. Unfortunalty, I can't release the code, but it only took a few hours to write and debug the bridging part. -- Brooks --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/DG4fXY6L6fI4GtQRAu1gAKC4ofX2YjVr8IyAPGYPNFebb6AixwCg1THE 8oWpb8TvldsJKFehgYV9qJs= =B5HP -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--