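#!/bin/sh
#
# Build a small netgraph pipeline fed by ipfw:
#
#   ipfw rule 100 --(hook 44)--> ng_bpf "my_bpf" --match----> ng_hole
#                                               \--no match--> ng_hole
#
# Both bpf outputs end in ng_hole nodes, which discard whatever they
# receive, so every packet diverted by the ipfw rule is dropped after
# classification. Run as root on FreeBSD.

# Stop at the first failing step or unset variable, so a half-built graph
# never gets traffic: the ipfw rule is only added once everything else
# succeeded.
set -eu

# Loader tunable, read when the ipfw module initialises: makes the default
# rule "allow" instead of "deny", which keeps the host reachable while ipfw
# loads. It also leaves the firewall default-open: anything not matched by
# an explicit rule passes.
kenv net.inet.ip.fw.default_to_accept="1"

# -n: do not fail when a module is already loaded (needed with set -e).
kldload -n ipfw
kldload -n ng_hole
kldload -n ng_bpf
kldload -n ng_ipfw

PATTERN="tcp dst port 7777"
NODENAME="my_bpf"
INHOOK="input"
MATCHHOOK="match_hook"
NOMATCHHOOK="nomatch_hook"

# Attach a bpf node to ipfw hook "44" (the cookie used by the ipfw rule
# below) and give it a stable name.
ngctl mkpeer ipfw: bpf 44 "${INHOOK}"
ngctl name ipfw:44 "${NODENAME}"

# One sink per verdict.
ngctl mkpeer "${NODENAME}:" hole "${MATCHHOOK}" input
ngctl name "${NODENAME}:${MATCHHOOK}" match_hole
ngctl mkpeer "${NODENAME}:" hole "${NOMATCHHOOK}" input
ngctl name "${NODENAME}:${NOMATCHHOOK}" nomatch_hole

# Compile PATTERN to BPF and rewrite tcpdump's decimal dump (first line =
# instruction count, then one "code jt jf k" line per instruction) into the
# argument syntax of the ng_bpf "setprogram" message.
#
# NOTE(review): tcpdump -ddd compiles for the link type of the interface it
# opens by default (typically Ethernet, i.e. offsets include a link-layer
# header). Packets handed over by ng_ipfw are presumably bare IP packets --
# confirm; a program compiled for the wrong link type never matches and
# silently sends everything to the no-match hook.
BPFPROG=$(
  tcpdump -s 8192 -ddd "${PATTERN}" | {
    # An empty or non-numeric count means tcpdump failed; the pipeline's
    # status is that of this group, so fail here rather than install an
    # empty program.
    read -r len || exit 1
    case "${len}" in
      '' | *[!0-9]*) exit 1 ;;
    esac
    printf 'bpf_prog_len=%s ' "${len}"
    printf 'bpf_prog=['
    while read -r code jt jf k; do
      printf ' { code=%s jt=%s jf=%s k=%s } ' \
        "${code}" "${jt}" "${jf}" "${k}"
    done
    printf ' ]\n'
  }
) || {
  printf 'error: could not compile BPF pattern: %s\n' "${PATTERN}" >&2
  exit 1
}

# Install the program on the input hook and bind the two verdict hooks.
ngctl msg "${NODENAME}:" setprogram { \
  "thisHook=\"${INHOOK}\"" \
  "ifMatch=\"${MATCHHOOK}\"" \
  "ifNotMatch=\"${NOMATCHHOOK}\"" \
  "${BPFPROG}" }

# Divert TCP traffic for the example address/port range into the graph.
# Added last so packets only reach a fully configured bpf node.
ipfw add 100 netgraph 44 tcp from any to 1.2.3.4 dst-port 7000-8000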