Date: Mon, 14 Jun 2004 20:19:29 +0400 From: Gleb Smirnoff <glebius@cell.sick.ru> To: James Housley <jim@Thehousleys.net> Cc: freebsd-net@freebsd.org Subject: Re: Using netgraph for filtering/modifing packets Message-ID: <20040614161929.GA19167@cell.sick.ru> In-Reply-To: <40CDBAC2.50403@Thehousleys.net> References: <40CDBAC2.50403@Thehousleys.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 14, 2004 at 10:48:34AM -0400, James Housley wrote: J> For testing of a product I would like to be able to modify or even drop J> packets based on their content. What I have in mind is forcing the J> packets through a firewall that would redirect all packet to a netgraph J> node that would either pass unchanged, drop or change the contents to J> assist in testing some corner cases in the code. To pass traffic from ipfw to netgraph and back in you need divert rule and ng_ksocket listening on divert socket. J> 1) is this something doable with netgraph, I believe it is. J> J> 2) what might be a good place to start? Have done some searching, but J> haven't found any example code I thought I could start from. see /usr/src/sys/netgraph/ng_sample.c and article http://www.daemonnews.org/200003/netgraph.html -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040614161929.GA19167>