I hope somebody out there can help me with a problem I'm having.
I wan't to make a filtering bridge. I've got the bridge working (using netgraph), but I can't seem to implement filtering using a bpf node.
My current configuration of the bridge is as follows:
+---------------------------------+
| bnet0 (bridge) |
+---+----------+---+----------+---+
| | | | | |
| L | | L | | L |
| i | | i | | i |
| n | | n | | n |
| k | | k | | k |
| 0 | | 1 | | 2 |
| | | | | |
+---+ +---+ +---+
| | | | | |
| L | | U | | L |
| o | | p | | o |
| w | | p | | w |
| e | | e | | e |
| r | | r | | r |
| | | | | |
+-+---+-+ +-+---+-+ +-+---+-+
| rl0 | | rl0 | | tap0 |
+-------+ +-------+ +-------+The tap0 device is the one I want to filter, preferably for both incoming and outgoing if possible, but oneway filtering will suffice.
I was thinking of a setup somewhat like this:
+---------------------------------+
| bnet0 (bridge) |
+---+----------+---+----------+---+
| | | | | |
| L | | L | | L |
| i | | i | | i |
| n | | n | | n |
| k | | k | | k |
| 0 | | 1 | | 2 |
| | | | | |
+---+ +---+ +---+
| | | | | |
| L | | U | | M |
| o | | p | | a |
| w | | p | | t |
| e | | e | | c |
| r | | r | | h |
| | | | | H |
+-+---+-+ +-+---+-+ | o |
| rl0 | | rl0 | | o |
+-------+ +-------+ | k |
+-+---+-+-------------+
| bpf0 | NoMatchHook | -> (to nothingness)
+-+---+-+-------------+
| |
| t |
| h |
| i |
| s |
| H |
| o |
| o |
| k |
| |
+---+
| |
| L |
| o |
| w |
| e |
| r |
| |
+-+---+-+
| tap0 |
+-------+However I'm not sure if that is the right way to implement it, since it doesn't work. I've also tried using one2many to split tap0:lower into two hooks, because I thought that the setup described above could only allow for data being transmitted in one direction. But that did not work either. I've used the shell script ether.bridge as a basis for the configuration. I can mail the script I've made (it's not very big) in my next post if that will help. This mail is big enough already as it is I think.
If someone has some suggestions, they would be much appreciated.
Thanks
Br, Thomas Gielfeldt
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
