From owner-freebsd-net@FreeBSD.ORG  Wed Mar  2 19:50:35 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0A69716A4CE; Wed,  2 Mar 2005 19:50:35 +0000 (GMT)
Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id D0B7F43D1D; Wed,  2 Mar 2005 19:50:34 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from [208.206.78.97] (julian.vicor-nb.com [208.206.78.97])
	by mail.vicor-nb.com (Postfix) with ESMTP
	id B74907A41E; Wed,  2 Mar 2005 11:50:34 -0800 (PST)
Message-ID: <4226190A.7040106@elischer.org>
Date: Wed, 02 Mar 2005 11:50:34 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050218
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Ruslan Ermilov <ru@freebsd.org>
References: <37e131660503011947346b94fb@mail.gmail.com>
	<20050302123846.GC47110@ip.net.ua>
In-Reply-To: <20050302123846.GC47110@ip.net.ua>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: Aziz KEZZOU <opensource.enthousiat@gmail.com>
cc: freebsd-net@freebsd.org
Subject: Re: netgraph question : how to intercept incoming IP packets of a
 certain type?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2005 19:50:35 -0000



Ruslan Ermilov wrote:

>On Tue, Mar 01, 2005 at 10:47:07PM -0500, Aziz KEZZOU wrote:
>  
>
>>Hi folks,
>>Here is what I want to do : "Intercept all incoming IP packets on an
>>Ethernet interface of a certain type (e.g RSVP) and call my own
>>function to process, all inside the kernel"
>>
>>Netgraph nodes : ng_iface, nf_bpf (and probably ng_ether) look
>>promising for this task but I can not figure out how to do it in
>>practice...
>> 
>>Any help is appreciated. Thanks,
>>
>>    
>>
>I thought Julian already answered this...
>  
>

you can do it even without ng_ipfw

use ng_ksocket to open a divert socket and
use ipfw divert to send packets to it.

>You can do this with ng_ipfw(4) in -CURRENT.  Or you can filter
>(with ng_bpf(4)) the packets of interest and forward them
>somewhere.  Example:
>
> +---v
> | (upper)
> |  rl0: [ng_ether]
> | (lower)
> |   ^
> |   |
> |   v
> | (lower)
> | bpf_rl0: [ng_bpf]
> | (upper)
> +---^
>
>[bpf] should be configured to forward matching packets received on
>"lower" to some other hook, and non-matching packets to "upper".
>Similarly for packets received on "upper", forward packets of
>interest to some other hook, and non-matching packets to "lower".
>
>
>Cheers,
>  
>