IPDIVERT
Max Khon
fjoe at iclub.nsu.ru
Wed Apr 30 00:31:35 PDT 2003
hi, there!
On Tue, Apr 29, 2003 at 11:05:29PM +0300, Ruslan Ermilov wrote:
> > I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by default
> > or change IPDIVERT to NOIPDIVERT and build boot kernels with NOIPDIVERT.
> > The main goal is to allow to use NAT with stock kernels and ipfw.ko.
> >
> > Comments?
> >
> Only if you succeed in making the ipdivert.ko module: IPDIVERT is not
> modularized currently, contrary to IPFIREWALL. What it means basically
> is that you will have to change lot of ``#ifdef IPDIVERT'' to
> ``if (IPDIVERT_LOADED)'', like with the IPFW_LOADED. I think this is
> worth doing.
AFAIK there is no possibility to add IPPROTO_DIVERT dynamically to
inetsw[]. Some fields of 'struct ipq' are under #ifdef IPDIVERT as well.
ipfw code under #ifdef IPDIVERT are just `case' labels and strings in printf's
(like "ipdivert enabled"). In other words is it really
worth splitting ipdivert into separate .ko module? Changing IPDIVERT to
NOIPDIVERT will be cleaner in my opinion.
/fjoe
More information about the freebsd-net
mailing list