[strongSwan-dev] Proxy ARP plugin farp or FreeBSD
Dr. Rolf Jansen
rj at obsigna.com
Mon Oct 6 16:29:30 CEST 2014
Am 06.10.2014 um 09:21 schrieb Martin Willi <martin at strongswan.org>:
>> I cannot attach a BPF to an arbitrary socket. On FreeBSD a BPF device
>> must be opened, and a network interface on which to filter must be
>> associated with that bpf device.
>
> If attaching that filter does not work, you may alternatively omit the
> filter, and then just filter matching ARP packets in userspace. If you
> can limit AF_PACKET sockets to just ARP packets (as it is currently
> done), the overhead of userspace filtering shouldn't be that bad.
You lost me here. How would I filter matching ARP packets in user space?
I wrote a lot of stuff in the past, besides big projects of GUI and non-GUI user space applications, I wrote also device drivers for FreeBSD and Mac OS X. So, basically I am comfortable with the various concepts, however I am missing a link here.
I cannot attach a BPF to an arbitrary socket, however I could associate a network interface to a BPF. For this, I only need to know some sort of interface identifier, dev. name, IP, or MAC. Are plugins configurable by parameters, e.g. couldn't I place a parameter like proxy_arp_if = "em1" into the config file and read this value at some place in the course of plugin initialization?
Best regards
Rolf
More information about the Dev
mailing list