[netgraph] ng_bpf filter large list of IP addresses

Reshad Patuck reshadpatuck1 at gmail.com
Sat Mar 31 13:46:07 UTC 2018


Hey,

I am trying to load a bpf filter into netgraph's ng_bpf for filtering out thousands of separate individual IP addresses.

I am using a simple C program to generate output that I can load into ng_bpf using a shell.

This works fine for up to a list of about 250 IP addresses, but as I get up to larger IP lists I hit kern.argmax (262144 bytes).

Whenever I try to load a larger filter into ng_bpf using a file, I run into an error saying:
```
ngctl: send msg: Invalid argument
ngctl: line 1: error in file
```
I have attached debug output for the same.

My ng_bpf node 'em1-bpf' has two hooks, 'in' and 'out'.

I have linked to a paste with the following files:
- ngtl-command -> the ngctl command which runs correctly from a command line
- ngctl-config -> the ngctl config file with the same filter
- bpf.c -> a C file that takes netgraph node details and a pcap-filter and converts them to a ngctl command
- ngctl -> debug 5 in a ngctl shell for running the config file

Please let me know what I am doing wrong with the ngctl config file and if there is another way, maybe something more direct, to load a binary bpf filter directly into ng_bpf.

As a hack around this, I plan to have two ng_bpfs with multiple nodes between themselves filtering parts of the IP list.
This works, but I am not sure of the performance implications of this.

Any suggestions, improvements, or general tips would be really helpful.

Link to files:
https://paste.ee/p/BHOoG

Thanks and best regards,

Reshad