From: Julian Elischer
To: kw3wong@engmail.uwaterloo.ca
cc: freebsd-net@freebsd.org
cc: dsze@engmail.uwaterloo.ca
Date: Thu, 10 Jul 2003 11:55:17 -0700 (PDT)
Subject: Re: Question about bridging code

On Wed, 9 Jul 2003 kw3wong@engmail.uwaterloo.ca wrote:

> Hi Julian,
>
> Thanks for the tip, it looks like netgraph can do what I need to do. I've never
> used netgraph before, so I better do some background reading first before
> asking any more questions.
>
> I guess once I moved away from the IP layer to the link layer, divert sockets
> no longer make that much sense to use. Although it is very tempting since the
> interface is just so simple... =)
>
> Bernie
>

Grab the source for nghook
    /usr/src/usr.sbin/nghook
and hack it to open 2 interfaces at once.

nghook would take the arguments
    nghook fxp0: lower
to intercept all packets coming in on fxp0 and to be able to send packets
out through it.

    nghook fxp0: upper
intercepts all packets from the local machine that would go out through
fxp0, and any packets you send there would be received by the system.

If you hack nghook to open multiple of these connections then you can read
and write to the various places at will.

Alternatively you could hack the ng_bridge node to pass all packets to you.

As Luigi suggests, you could also use the 'tap' interface type of thing,
using a bridge of some type to get the packets you want to it.
This is effectively the same as the ng_eiface node type, except that the
eiface netgraph passes its output through a netgraph interface so that it can
be piped through more netgraph nodes (e.g. filtered or fed into a socket
directly), where tap passes its data to a device /dev/tapX.

Having done quite a bit of this I suggest you look at
http://ezine.daemonnews.org/200003/netgraph.html
for an overview of how netgraph works...

julian
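
The two-hook variant of nghook described in the message above, as an added example that is not part of the original message or of the FreeBSD nghook source: one netgraph socket node is attached to both the lower and upper hooks of an ng_ether node and relays frames between them, logging each one. It assumes a current FreeBSD with ng_ether loaded, root privileges and linking with -lnetgraph; opposite_hook and attach are hypothetical helper names.

```c
/* Added example, not from nghook: relay frames between the "lower" and
 * "upper" hooks of one ng_ether node. Build on FreeBSD: cc relay.c -lnetgraph */
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: a frame read on one hook is forwarded to the other. */
const char *opposite_hook(const char *hook)
{
    if (strcmp(hook, "lower") == 0) return "upper";   /* from the wire -> stack */
    if (strcmp(hook, "upper") == 0) return "lower";   /* from the stack -> wire */
    return NULL;
}

#ifdef __FreeBSD__   /* netgraph exists only on FreeBSD */
#include <sys/types.h>
#include <sys/socket.h>
#include <err.h>
#include <netgraph.h>

/* Hypothetical helper: connect our hook `name` to the same-named hook at `path`. */
static void attach(int cs, const char *path, const char *name)
{
    struct ngm_connect ngc;
    memset(&ngc, 0, sizeof(ngc));
    snprintf(ngc.path, sizeof(ngc.path), "%s", path);
    snprintf(ngc.ourhook, sizeof(ngc.ourhook), "%s", name);
    snprintf(ngc.peerhook, sizeof(ngc.peerhook), "%s", name);
    if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE, NGM_CONNECT, &ngc, sizeof(ngc)) < 0)
        err(1, "connect %s %s", path, name);
}

int main(int argc, char **argv)
{
    int cs, ds, len;
    u_char buf[8192];
    char hook[NG_HOOKSIZ];          /* filled in with the receiving hook's name */
    const char *out;
    if (argc != 2) errx(1, "usage: %s fxp0:", argv[0]);
    if (NgMkSockNode(NULL, &cs, &ds) < 0) err(1, "NgMkSockNode");
    attach(cs, argv[1], "lower");   /* once connected, frames no longer bypass us */
    attach(cs, argv[1], "upper");
    while ((len = NgRecvData(ds, buf, sizeof(buf), hook)) >= 0) {
        if ((out = opposite_hook(hook)) == NULL) continue;
        fprintf(stderr, "%s -> %s: %d bytes\n", hook, out, len);
        if (NgSendData(ds, out, buf, len) < 0) warn("NgSendData");
    }
    err(1, "NgRecvData");
}
#endif
```

While it runs, every frame to or from the host on that interface passes through this process, so inspection or filtering logic goes where the fprintf is; when it exits, the hooks are released and traffic flows normally again.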