divert rewrite

Sergey Matveychuk sem at FreeBSD.org
Tue Feb 8 18:46:24 UTC 2011


08.02.2011 20:03, Julian Elischer wrote:
>> 08.02.2011 19:08, rozhuk.im at gmail.com wrote:
>>> Did you try ng_ether + ng_ksocket?
>>> It can translate Ethernet frames encapsulated to udp to user space
>>> receiver.
>>
>> The idea is to catch packets from firewall (ng_ipfw, ng_nat was mentioned
>> by mistake) and pass them to a user space module that does some processing
>> and puts the packets back into the firewall (for rules with `diverted'
>> keyword).
>
> yes, however did you try the ipfw netgraph keyword and the ng_ipfw node?
> I have also been wondering if it might not make sense to simply
> replace the divert code with
> a netgraph equivalent.. Using the ng_ipfw node one can almost do it with
> no changes as it is.

I've tried ng_socket+ng_ipfw. It gets incoming packets, but outgoing
packets are dropped because a tag is lost after leaving kernel space.
It looks like some magic can be done with the ng_tag node, but really I could
not tame it.

>
>>
>> It works now for IPv4 with `divert' and doesn't with IPv6.
>
> yes, I'm pondering the right fix for that..

I'm first to test it please :)

