[patch] ipfw packet tagging
Andrey V. Elsukov
bu7cher at yandex.ru
Wed May 10 06:41:21 UTC 2006
Hi, All!
I have written a small patch for a packets
tagging with ipfw.
The description of OpenBSD packet tagging is here:
http://www.openbsd.org/faq/pf/tagging.html
An IPFW tags is not compatible with PF tags.
This feature can be usable with some netgraph modules.
We can create a netgraph node that marks packets with some tags
and use this node with other nodes. IPFW can detect and filter
packets with tags.
Also we can mark packets before NAT and detect tagged packets
after translation.
NAT based on divert sockets do not allow this, but i think
ng_nat can..
Patches can be found here:
http://butcher.heavennet.ru/patches/kernel/ipfw_tags/
--
WBR, Andrey V. Elsukov
More information about the freebsd-net
mailing list