Using netgraph for filtering/modifying packets
Gleb Smirnoff
glebius at cell.sick.ru
Mon Jun 14 16:19:48 GMT 2004
On Mon, Jun 14, 2004 at 10:48:34AM -0400, James Housley wrote:
J> For testing of a product I would like to be able to modify or even drop
J> packets based on their content. What I have in mind is forcing the
J> packets through a firewall that would redirect all packets to a netgraph
J> node that would either pass unchanged, drop or change the contents to
J> assist in testing some corner cases in the code.
To pass traffic from ipfw to netgraph and back in, you
need a divert rule and ng_ksocket listening on a divert socket.
J> 1) is this something doable with netgraph, I believe it is.
J>
J> 2) what might be a good place to start? Have done some searching, but
J> haven't found any example code I thought I could start from.
see /usr/src/sys/netgraph/ng_sample.c
and article http://www.daemonnews.org/200003/netgraph.html
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
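
The setup described in the reply above (an ipfw divert rule plus an ng_ksocket node bound to the divert port), sketched as an added example that is not part of the original message. The divert port 8888, rule number 1000, the traffic selector and the node/hook names are assumptions; ng_echo only stands in for the custom node one would write starting from ng_sample.c.

```shell
#!/bin/sh
# Added example (constructed values): prints the commands by default,
# runs them only when APPLY=1 is set (FreeBSD, root, divert support).
DIVERT_PORT="${DIVERT_PORT:-8888}"          # assumed free divert port
RULE_NUM="${RULE_NUM:-1000}"                # assumed free ipfw rule number
MATCH="${MATCH:-udp from any to any 5000}"  # constructed test-traffic selector

# Arguments for the ipfw rule that hands matching packets to the divert port.
ipfw_args() {
    echo "add ${RULE_NUM} divert ${DIVERT_PORT} ${MATCH}"
}

# ngctl commands: create the processing node (ng_echo as a placeholder that
# returns each packet on the hook it arrived on), attach an ng_ksocket of
# type inet/raw/divert to it, and bind that socket to the divert port.
ngctl_script() {
    cat <<EOF
mkpeer . echo tmp tmp
name .:tmp pktfilter
mkpeer pktfilter: ksocket divert inet/raw/divert
msg pktfilter:divert bind inet/0.0.0.0:${DIVERT_PORT}
EOF
}

# Build the graph first, then add the rule: packets diverted to a port with
# no socket bound to it are dropped.
apply() {
    ngctl_script | ngctl -f - || return 1
    # Intentional word splitting of the rule arguments.
    # shellcheck disable=SC2046
    ipfw $(ipfw_args)
}

if [ "${APPLY:-0}" = 1 ]; then
    apply
else
    ngctl_script
    echo "ipfw $(ipfw_args)"
fi
```

Replacing `echo` with the type name of a custom node is the only change needed in `ngctl_script` once that node inspects, drops or rewrites the packets it receives on its `divert` hook.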