I found that in the meantime - thanks for looking.

That leaves me probably with no generic way in npf to detect/determine broadcast addresses. NPF does not seem to have PF's :network/:broadcast/:peer mechanism and all we can access is the IP layer information. This looks a bit clumsy.

Ideally I would like a generic way to determine networks, broadcast addresses and maybe peers statically and dynamically in order to reduce the configuration spread between interface configuration and NPF configuration. This would be useful for my case where the IP address/network is configured via DHCP and I'd rather like to avoid dhcpcd's hooks to rewrite/reload the NPF configuration.

Also partial interface names like tun for tun0...tun<n> could be helpful, especially as these interfaces can come and go.

Am I dreaming too much?

Frank

On 08/22/19 13:22, Michael van Elst wrote:
[email protected] (Frank Kardel) writes:
I just tripped over:
pass in final pcap-filter "ip multicast or ip6 multicast"
flawlessly compiles ... but:
pass in final pcap-filter "ip broadcast"
gives in "npf validate"
/etc/npf.conf:xx:9: invalid pcap-filter(7) syntax
although man 7 pcap-filter says otherwise and tcpdump gladly accepts ip broadcast.

from libpcap:
    case Q_IP:
        /*
         * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
         * as an indication that we don't know the netmask, and fail
         * in that case.
         */
        if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
            bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported");

npfctl compiles the filter expression with PCAP_NETMASK_UNKNOWN, there
is no netmask it could apply.
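
Added example, not part of the thread and not libpcap or npfctl code: a plain-C model of why an "ip broadcast" match cannot be decided without a netmask, plus the broadcast address derived from an interface address and prefix length. The function names are hypothetical, and the match rule (host bits all zeros or all ones) is an assumption about the generated filter; only the PCAP_NETMASK_UNKNOWN value is taken from the quoted comment.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value the quoted libpcap comment gives for PCAP_NETMASK_UNKNOWN. */
#define NETMASK_UNKNOWN 0xffffffffu

/* Build a host-order IPv4 address from its four octets. */
uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Prefix length (0..32) to netmask; a 32-bit shift by 32 is undefined, so 0 is special-cased. */
uint32_t prefix_to_mask(unsigned len)
{
    if (len == 0) return 0;
    if (len >= 32) return 0xffffffffu;
    return 0xffffffffu << (32 - len);
}

/* Directed broadcast address of the network that addr/len belongs to. */
uint32_t broadcast_of(uint32_t addr, unsigned len)
{
    return addr | ~prefix_to_mask(len);
}

/*
 * Model of the "ip broadcast" test (assumed rule): host bits all zeros or all ones.
 * Returns 1 on match, 0 on no match, -1 when the netmask is unknown.
 * With an all-ones mask the host mask is 0 and every address would match.
 */
int ip_broadcast_match(uint32_t dst, uint32_t netmask)
{
    uint32_t hostmask = ~netmask;
    if (netmask == NETMASK_UNKNOWN)
        return -1;
    return (dst & hostmask) == 0 || (dst & hostmask) == hostmask;
}

int main(void)
{
    uint32_t dst = ip4(10, 1, 2, 255);   /* constructed sample destination */
    printf("/24: %d\n", ip_broadcast_match(dst, prefix_to_mask(24)));
    printf("/16: %d\n", ip_broadcast_match(dst, prefix_to_mask(16)));
    printf("unknown: %d\n", ip_broadcast_match(dst, NETMASK_UNKNOWN));
    return 0;
}
```

The same destination is a broadcast under /24 and an ordinary host address under /16, so a rule compiled without interface context has nothing to test against.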