I found that in the meantime - thanks for looking.

That leaves me probably with no generic way in npf to detect/determine broadcast addresses.
NPF does not seem to have PF's :network/:broadcast/:peer mechanism and all we
can access is the IP layer information. This looks a bit clumsy.

Ideally I would like a generic way to determine networks, broadcast addresses and maybe peers statically and dynamically
in order to reduce the configuration spread between interface configuration and NPF configuration. This would be useful
for my case where the IP address/network is configured via DHCP and I'd rather like to avoid dhcpcd's hooks to rewrite/reload the
NPF configuration.

Also partial interface names like tun for tun0...tun<n> could be helpful especially as these interfaces can come and go.

Am I dreaming too much?

Frank

On 08/22/19 13:22, Michael van Elst wrote:
> kardel%netbsd.org@localhost (Frank Kardel) writes:
>
> > I just tripped over:
> >
> >     pass in final pcap-filter "ip multicast or ip6 multicast"
> >
> > flawlessly compiles ... but:
> >
> >     pass in final pcap-filter "ip broadcast"
> >
> > gives in "npf validate"
> >
> >     /etc/npf.conf:xx:9: invalid pcap-filter(7) syntax
> >
> > although man 7 pcap-filter says otherwise and tcpdump gladly accepts ip broadcast.
>
> from libpcap:
>
>         case Q_IP:
>                 /*
>                  * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
>                  * as an indication that we don't know the netmask, and fail
>                  * in that case.
>                  */
>                 if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
>                         bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported");
>
> npfctl compiles the filter expression with PCAP_NETMASK_UNKNOWN, there is no netmask it could apply.
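
Why the netmask matters for "ip broadcast", as an added example that is not part of either message and is not libpcap or npfctl code: a self-contained C model of the check, assuming the filter matches a destination whose host bits are all zeros or all ones. The names ip4, host_part_test, ip_broadcast_match and NETMASK_UNKNOWN are hypothetical, and the addresses are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value the quoted libpcap comment gives for PCAP_NETMASK_UNKNOWN;
 * local name so the example builds without pcap.h. */
#define NETMASK_UNKNOWN 0xffffffffu

/* Hypothetical helper: host-order IPv4 address from four octets. */
static uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Assumed model of the test: host bits of dst all zeros or all ones. */
static int host_part_test(uint32_t dst, uint32_t netmask)
{
    uint32_t hostmask = ~netmask;
    return (dst & hostmask) == 0 || (dst & hostmask) == hostmask;
}

/* 1 = broadcast, 0 = not broadcast, -1 = netmask unknown (refuse, as the
 * quoted libpcap check does when the expression is compiled). */
static int ip_broadcast_match(uint32_t dst, uint32_t netmask)
{
    if (netmask == NETMASK_UNKNOWN)
        return -1;
    return host_part_test(dst, netmask);
}

int main(void)
{
    uint32_t dst = ip4(192, 0, 2, 255);          /* constructed sample */

    printf("/24:       %d\n", ip_broadcast_match(dst, ip4(255, 255, 255, 0)));
    printf("/16:       %d\n", ip_broadcast_match(dst, ip4(255, 255, 0, 0)));
    printf("unknown:   %d\n", ip_broadcast_match(dst, NETMASK_UNKNOWN));
    /* Without the refusal the host mask is 0 and every address matches. */
    printf("unguarded: %d\n",
           host_part_test(ip4(192, 0, 2, 10), NETMASK_UNKNOWN));
    return 0;
}
```

The same destination is a broadcast under a /24 mask and an ordinary host under a /16 mask, so a rule compiled without an interface netmask has no correct answer to give.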