Re: [PATCH] ng_tag - new netgraph node, please test (L7 filtering possibility)

From: Joao Barros <joao.barros_at_gmail.com>
Date: Sun, 11 Jun 2006 16:36:08 +0100
Hi,

I'm very interested in this, great work! :-)
I can't load the kld on my Sun Sparc, I think I messed up ld yesterday
trying to patch for a bug that show's in firefox and mozilla. It
compiles, just doesn't run. As soon as I have it up and running I'll
give you feedback.

Have you tested it with pf? If so can you give me some examples?
I'm particularly interested in this for doing packed shaping, especially on P2P.

Thanks for your work!

On 6/10/06, Vadim Goncharov <vadimnuclight_at_tpu.ru> wrote:
> Hello All!
>
> I wrote new netgraph(4) node, called ng_tag, able to match packets by
> their mbuf_tags(9) and assign new tags to mbufs. This can be used for
> many things in the kernel network subsystem, but particularly useful
> with recently added ipfw(8) tag/tagged functionality (will be MFCed to
> RELENG_6 after Jun 24).
>
> With this node, in conjunction with ng_bpf(4), I was able to match and
> block (perhaps shaping is also possible, but this relies solely on ipfw)
> DirectConnect P2P data connections traffic - you know, they're using
> random ports, so you can't match them with usual firewall rules and must
> check data payload contents of the packets. See man page for example of
> how to do this.
>
> Download files from here: http://antigreen.org/vadim/freebsd/ng_tag/
> Then do:
>
>    make
>    kldload ./ng_tag.ko
>
> Man page can be viewed as:
>
>    cat ng_tag.4 | /usr/bin/tbl | /usr/bin/groff -S -Wall -mtty-char -man \
>      -Tascii | /usr/bin/col | more -s
>
> Please especially test tags with non-zero tag_len, if you can (though it's
> not needed for ipfw).
>
> P.S. BTW, what is correct subject prefix for new contributions? I think
> [PATCH] is not correct as these are new files, not patch :)
>
> --
> WBR, Vadim Goncharov
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>


-- 
Joao Barros
Received on Sun Jun 11 2006 - 13:36:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:57 UTC