Re: How do people use npf with dhcpcd?

To: David Brownlee <abs%absd.org@localhost>
Subject: Re: How do people use npf with dhcpcd?
From: Michael van Elst <mlelstv%serpens.de@localhost>
Date: Sun, 28 Dec 2025 07:39:53 +0100

On Sat, Dec 27, 2025 at 11:22:32PM +0000, David Brownlee wrote:

> though I've just tried switching it to a dynamic list via ifaddrs()
> rather than inet4() which seems to avoid the error with empty lists (I
> seem to recall issues with ifaddrs() with older npf versions, but as
> long as I'm willing to allow IPv6 to slide into the chat then that
> could avoid the issue for me...

For inet4() the addresses are looked up by npfctl and then loaded into the
kernel. Without addresses, npfctl fails. You could easily teach npfctl
to handle empty lists.

For ifaddrs() a table ".ifnet-$ifname" is used and looked up. Unlike static
tables, which are loaded with the npf configuration, the interface entries
are also loaded when an interface configuration changes. Table lookups
work with empty tables.

The next problem is then to generate rules for interfaces that do
not exist and where not even the name is known when npf is configured.
Maybe with some template that matches an interface name wildcard or
an interface category.

Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

References:
- How do people use npf with dhcpcd?
  - From: David Brownlee
- Re: How do people use npf with dhcpcd?
  - From: Lloyd Parkes
- Re: How do people use npf with dhcpcd?
  - From: Michael van Elst
- Re: How do people use npf with dhcpcd?
  - From: David Brownlee

Prev by Date: Re: How do people use npf with dhcpcd?
Next by Date: Re: Cross-build on macOS fails
Previous by Thread: Re: How do people use npf with dhcpcd?
Next by Thread: Re: How do people use npf with dhcpcd?
Indexes:

Home | Main Index | Thread Index | Old Index