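#!/bin/sh
#
# rc.d script: create an ng_bpf(4) node, connect it to hook "1" of the ipfw
# netgraph node, and load a BPF program that matches DNS MX queries sent over
# UDP to port 53. Matching packets are dropped by the node; everything else is
# handed back to ipfw through the same hook.
#
# Which traffic reaches the node depends on the ipfw "netgraph"/"ngtee" rules,
# which are not part of this script.

# PROVIDE: ng_bpf
# REQUIRE: LOGIN abi
# BEFORE: securelevel

. /etc/rc.subr

name="ng_bpf"
# Without rcvar, rc.subr never consults ng_bpf_enable and the knob is dead.
rcvar="ng_bpf_enable"

# see http://citrin.ru/freebsd:ng_ipfw_ng_bpf for more info
#
# Source filter expression (tcpdump syntax):
#
#   udp dst port 53 and udp[10] & 0x80 = 0 and udp[udp[4:2]-4 : 4] = 0x000f0001
#
#   udp[10] & 0x80 = 0                - QR bit clear, i.e. the message is a query
#   udp[udp[4:2]-4 : 4] = 0x000f0001  - QTYPE 15 (MX) and QCLASS 1 (IN), read
#                                       from the last 4 bytes of the datagram
#
# Compiled program, one classic-BPF instruction per entry (offsets are from
# the start of the IPv4 header, because the hook carries raw IP packets):
#
#    0  code=48  k=9       A = ip[9]                    (IP protocol)
#    1  code=21  k=17      not UDP               -> 16
#    2  code=40  k=6       A = ip[6:2]                  (flags + fragment offset)
#    3  code=69  k=8191    fragment offset != 0  -> 16
#    4  code=177 k=0       X = 4 * (ip[0] & 0x0f)       (IP header length)
#    5  code=72  k=2       A = halfword at X+2          (UDP destination port)
#    6  code=21  k=53      port != 53            -> 16
#    7  code=80  k=10      A = byte at X+10             (first DNS flags byte)
#    8  code=69  k=128     QR bit set (response) -> 16
#    9  code=72  k=4       A = halfword at X+4          (UDP length)
#   10  code=20  k=4       A -= 4
#   11  code=12            A += X
#   12  code=7             X = A
#   13  code=64  k=0       A = word at X                (last 4 bytes of datagram)
#   14  code=21  k=983041  A != 0x000f0001       -> 16
#   15  code=6   k=65535   return 65535                 (match)
#   16  code=6   k=0       return 0                     (no match)
#
# NOTE(review): coverage is limited to what the program tests. It matches only
# IPv4, unfragmented UDP to port 53, and only when QTYPE/QCLASS are the final
# four bytes of the datagram. DNS over TCP, IPv6, and queries that carry
# records after the question section (for example an EDNS0 OPT record) fall
# through to "no match" and are passed back to ipfw. Confirm this matches the
# intended policy.
bpf_prog="bpf_prog_len=17 bpf_prog=[ { code=48 jt=0 jf=0 k=9 } { code=21 jt=0 jf=14 k=17 } { code=40 jt=0 jf=0 k=6 } { code=69 jt=12 jf=0 k=8191 } { code=177 jt=0 jf=0 k=0 } { code=72 jt=0 jf=0 k=2 } { code=21 jt=0 jf=9 k=53 } { code=80 jt=0 jf=0 k=10 } { code=69 jt=7 jf=0 k=128 } { code=72 jt=0 jf=0 k=4 } { code=20 jt=0 jf=0 k=4 } { code=12 jt=0 jf=0 k=0 } { code=7 jt=0 jf=0 k=0 } { code=64 jt=0 jf=0 k=0 } { code=21 jt=0 jf=1 k=983041 } { code=6 jt=0 jf=0 k=65535 } { code=6 jt=0 jf=0 k=0 } ]"

ngctl="/usr/sbin/ngctl"

start_cmd="ng_bpf_start"
# stop not implemented
stop_cmd=":"
extra_commands="stats"
stats_cmd="ng_bpf_stats"

# Create the bpf node, name it dns_mx_q_filter and install the program on its
# "main" hook. Returns the exit status of the final ngctl call (setprogram).
ng_bpf_start()
{
	# modules must be already loaded (via /boot/loader.conf)
	debug "create ng_bpf node and connect to ipfw"
	"$ngctl" mkpeer ipfw: bpf 1 main
	"$ngctl" name ipfw:1 dns_mx_q_filter

	debug "set bpf program"
	# ifMatch="" drops matching packets; ifNotMatch="main" returns the rest to
	# ipfw over the hook they arrived on (see ng_bpf(4)).
	# $bpf_prog is deliberately unquoted: ngctl re-joins its arguments with
	# spaces, so word splitting leaves the message text unchanged.
	"$ngctl" msg dns_mx_q_filter: setprogram { thisHook=\"main\" ifMatch=\"\" ifNotMatch=\"main\" $bpf_prog }
}

# Print the ng_bpf counters for the "main" hook of dns_mx_q_filter.
ng_bpf_stats()
{
	"$ngctl" msg dns_mx_q_filter: getstats \"main\"
}

load_rc_config "$name"
# Enabled unless rc.conf sets ng_bpf_enable to something else.
: "${ng_bpf_enable="YES"}"

run_rc_command "$1"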