Julian Elischer wrote:
Kevin Sanders wrote:
On 12/22/06, Brooks Davis <[EMAIL PROTECTED]> wrote:

On Fri, Dec 22, 2006 at 12:43:29PM -0300, Fabrício Barros Cabral wrote:
> Hello everybody!
>
> I'm developing a network application which needs *to intercept* a packet
> (not just *copy* a packet, like libpcap does), move this packet into my
> application (userland), do some checking in the packet and according
> with some heuristics, the application may change the payload and
> re-inject the modified packet into the network. Note that sometimes,
> I'll change the payload, drop the packet or just let it go.
>
> So, how can a I do that in FreeBSD? I can use 6.1, 7.1, any version.

The feature you're looking for is divert(4) sockets.  You use IPFW to
decide which packets to divert to userland and can reinject them as
needed.

-- Brooks

I'm actually working on something with a similar need.  How would this
perform compared to a kld module that is using the pfil(9) framework? I'm
looking to support very high bandwidth networks, with 400mbps or more over
gig ethernet. In my case I'm looking at HTTP requests and not necessarily
every packet once I've done what I need to the actual http request/headers.
Obviously, if I grow or shrink the HTTP request, I then have to "massage"
the seq/ack to keep the two talking, but this is only for a small percentage
of the sessions, and I didn't want to be hit with a kernel -> user space ->
kernel transition for every packet.

Divert is designed for diverting from the IP layer, to the user layer for processing (and returning the packet to be sent out/in). It is fast enough for most WAN applications.

I use patches to allow me to divert from a bridge (Ethernet layer)
but it's still going to userland.

BTW I was able to do several hundred Mb/sec through userland..
(largish packets though)

I have the same thing.. which is why I divert from ethernet layer.
There are some tricks that can be done to really speed that up however..
for example you only need to look at the first syn packet.. all the rest don't need to be looked at or diverted.

just as a reference point,
Using ipfw I was able to saturate a Gb bridge
(between 2 bge interfaces) while filtering against a
table of 128000 addresses. (in FreeBSD 4.8) using 30% cpu..
machines have gotten faster since then  but the OS has slowed a bit.
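Putting Brooks's divert(4) suggestion and Julian's "only look at the first SYN" point together, here is an added example in C; it is not code from anyone in this thread. It assumes an ipfw rule such as `ipfw add divert 8668 tcp from any to any 80` is in place and that divert port 8668 is free; the socket calls need FreeBSD, while the classifier and the constructed sample packets compile anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258   /* FreeBSD's value; absent from non-BSD headers */
#endif
#define DIVERT_PORT 8668     /* assumed; must match the ipfw divert rule */

enum verdict { PASS, DROP, INSPECT };

/* Classify one raw IPv4 packet as read from the divert socket: malformed
 * packets are dropped, TCP SYNs (ACK clear) go to the heuristics, the rest pass. */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;      /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return DROP;           /* truncated headers */
    if (pkt[9] != IPPROTO_TCP) return PASS;
    return ((pkt[ihl + 13] & 0x12) == 0x02) ? INSPECT : PASS; /* SYN set, ACK clear */
}

/* Constructed sample packets (IPv4, IHL 5, TCP; TCP flags byte sits at offset 33). */
static const uint8_t SAMPLE_SYN[40]    = {0x45, [9] = IPPROTO_TCP, [33] = 0x02};
static const uint8_t SAMPLE_SYNACK[40] = {0x45, [9] = IPPROTO_TCP, [33] = 0x12};

int main(void)
{
    static uint8_t buf[65535];
    /* sin_port is the divert port number from the ipfw rule, not a TCP/UDP port */
    struct sockaddr_in from, sin = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    socklen_t fromlen;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) { perror("socket"); return 1; }
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("bind"); return 1; }
    for (;;) {
        fromlen = sizeof from;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) { perror("recvfrom"); return 1; }
        enum verdict v = classify(buf, (size_t)n);
        if (v == DROP) continue;             /* never reinjected, so the packet is gone */
        /* INSPECT: run the payload heuristics here; a changed payload needs ip_len and
         * the IP/TCP checksums recomputed (and seq/ack fixed up later) before sendto */
        /* sendto with the sockaddr recvfrom filled in reinjects at the diverting rule */
        if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&from, fromlen) < 0)
            perror("sendto");
    }
}
```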

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net