divert rewrite
Julian Elischer
julian at freebsd.org
Tue Feb 8 17:03:51 UTC 2011
> 08.02.2011 19:08, rozhuk.im at gmail.com wrote:
>> Did you try ng_ether + ng_ksocket?
>> It can translate Ethernet frames incapsulated to udp to user space
>> receiver.
>
> The idea is catch packets from firewall (ng_ipfw, ng_nat was
> mentioned by mistake) and pass them to user space module that do
> some processing and puts back the packets into firewall (for rules
> with `diverted' keyword).
yes, however did you try the ipfw netgraph keyword and the ng_ipfw node?
I have also been wondering it it might not make sense to simpply
replavce the diver code with
a netgraph equivalent.. Using the ng_ipfw node one can almost do it
with no changes as it is.
>
> It works now for IPv4 with `divert' and doesn't with IPv6.
yes, I'm pondering the right fix for that..
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list