Am 06.10.2014 um 09:21 schrieb Martin Willi <[email protected]>: >> I cannot attach a BPF to an arbitrary socket. On FreeBSD a BPF device >> must be opened, and a network interface on which to filter must be >> associated with that bpf device. > > If attaching that filter does not work, you may alternatively omit the > filter, and then just filter matching ARP packets in userspace. If you > can limit AF_PACKET sockets to just ARP packets (as it is currently > done), the overhead of userspace filtering shouldn't be that bad.
You lost me here. How would I filter matching ARP packets in user space? I wrote a lot of stuff in the past, besides big projects of GUI and non-GUI user space applications, I wrote also device drivers for FreeBSD and Mac OS X. So, basically I am comfortable with the various concepts, however I am missing a link here. I cannot attach a BPF to an arbitrary socket, however I could associate a network interface to a BPF. For this, I only need to know some sort of interface identifier, dev. name, IP, or MAC. Are plugins configurable by parameters, e.g. couldn't I place a parameter like proxy_arp_if = "em1" into the config file and read this value at some place in the course of plugin initialization? Best regards Rolf _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
