Date:      Tue, 29 Aug 2006 19:39:04 +0530
From:      "Rajkumar S" <rajkumars@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Re: Netgraph plumbing question
Message-ID:  <64de5c8b0608290709g6a10463dt4667f59ab6c6163e@mail.gmail.com>
In-Reply-To: <64de5c8b0608280009r52aabb4cl11103635419b845d@mail.gmail.com>
References:  <64de5c8b0608250849p2912457cs84c227cc914d1f10@mail.gmail.com> <20060826144424.GC30165@rambler-co.ru> <64de5c8b0608280009r52aabb4cl11103635419b845d@mail.gmail.com>

On 8/28/06, Rajkumar S <rajkumars@gmail.com> wrote:
> On 8/26/06, Ruslan Ermilov <ru@freebsd.org> wrote:
> > + msg bpf: setprogram { thisHook="in1" ifNotMatch="mixed" }
>
> This is not working, and I get an error:
> ngctl: send msg: Invalid argument

Did some more work on this. It seems the full command needs to be given.

The following commands are working fine, and I am able to ping from an
external machine to my box.

+ mkpeer rl0: bpf lower from_lower
+ name rl0:lower bpf
+ connect rl0: bpf: upper to_upper
+ mkpeer bpf: hole discard discard
+ msg bpf: setprogram { thisHook="from_lower" ifMatch="discard"
ifNotMatch="to_upper" bpf_prog_len=1 bpf_prog=[ { code=6 jt=0 jf=0 k=0
} ] }
+ msg bpf: setprogram { thisHook="to_upper" ifMatch="discard"
ifNotMatch="from_lower" bpf_prog_len=1 bpf_prog=[ { code=6 jt=0 jf=0
k=0 } ] }

Now I am trying to allow only ICMP

+ msg bpf: setprogram { thisHook="from_lower" ifMatch="to_upper"
ifNotMatch="discard" bpf_prog_len=6 bpf_prog=[ { code=40 jt=0 jf=0
k=12 } { code=21 jt=0 jf=3 k=2048 } { code=48 jt=0 jf=0 k=23 } {
code=21 jt=0 jf=1 k=1 } { code=6 jt=0 jf=0 k=8192 } { code=6 jt=0 jf=0
k=0 } ] }

+ msg bpf: setprogram { thisHook="to_upper" ifMatch="from_lower"
ifNotMatch="discard" bpf_prog_len=6 bpf_prog=[ { code=40 jt=0 jf=0
k=12 } { code=21 jt=0 jf=3 k=2048 } { code=48 jt=0 jf=0 k=23 } {
code=21 jt=0 jf=1 k=1 } { code=6 jt=0 jf=0 k=8192 } { code=6 jt=0 jf=0
k=0 } ] }

which also works.

I will try with C code also tomorrow.

raj
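
Added example (not part of the original message, and not code from the poster or the FreeBSD project): a small Python interpreter for the subset of classic BPF used by the two programs in the message, showing which hook each constructed frame would be delivered to. The helper names parse, disasm, run, deliver and frame are hypothetical, and the test frames are constructed.

```python
import re

# Programs copied from the message's bpf_prog=[ ... ] arguments.
PASS_ALL = "{ code=6 jt=0 jf=0 k=0 }"
ICMP_ONLY = """{ code=40 jt=0 jf=0 k=12 } { code=21 jt=0 jf=3 k=2048 }
{ code=48 jt=0 jf=0 k=23 } { code=21 jt=0 jf=1 k=1 }
{ code=6 jt=0 jf=0 k=8192 } { code=6 jt=0 jf=0 k=0 }"""

# Classic BPF opcodes these programs use (numeric values from <net/bpf.h>).
LDH_ABS, LDB_ABS, JEQ_K, RET_K = 0x28, 0x30, 0x15, 0x06
FMT = {LDH_ABS: "ldh [{k}]", LDB_ABS: "ldb [{k}]",
       JEQ_K: "jeq #{k:#x} jt {jt} jf {jf}", RET_K: "ret #{k}"}

def parse(text):
    """Turn '{ code=.. jt=.. jf=.. k=.. }' groups into (code, jt, jf, k) tuples."""
    pat = r"code=(\d+)\s+jt=(\d+)\s+jf=(\d+)\s+k=(\d+)"
    return [tuple(int(x) for x in m) for m in re.findall(pat, text)]

def disasm(text):
    """Render each instruction with tcpdump -d style mnemonics."""
    return [FMT[c].format(jt=jt, jf=jf, k=k) for c, jt, jf, k in parse(text)]

def run(text, pkt):
    """Interpret the program over pkt and return the RET value (0 = no match)."""
    prog, acc, pc = parse(text), 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1
        if code in (LDH_ABS, LDB_ABS):
            size = 2 if code == LDH_ABS else 1
            if k + size > len(pkt):
                return 0  # load past the end of the packet: filter returns 0
            acc = int.from_bytes(pkt[k:k + size], "big")
        elif code == JEQ_K:
            pc += jt if acc == k else jf  # offsets are relative to the next insn
        elif code == RET_K:
            return k
        else:
            raise ValueError(f"opcode {code} not handled by this sketch")
    return 0

def deliver(text, pkt, if_match, if_not_match):
    """ng_bpf semantics: non-zero return goes to ifMatch, zero to ifNotMatch."""
    return if_match if run(text, pkt) else if_not_match

def frame(ethertype, proto):
    """Constructed 34-byte Ethernet+IPv4 header; only the two tested fields are set."""
    return bytes(12) + ethertype.to_bytes(2, "big") + bytes(9) + bytes([proto]) + bytes(10)
```

The first program (a lone `ret #0`) never matches, so every frame leaves by ifNotMatch, which is why the first pair of setprogram messages acts as a pass-through. With the ICMP program, any frame whose EtherType is not 0x0800, ARP included, takes the ifNotMatch hook.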


