divert rewrite
rozhuk.im at gmail.com
rozhuk.im at gmail.com
Tue Feb 8 18:47:30 UTC 2011
> -----Original Message-----
> From: Sergey Matveychuk [mailto:sem at FreeBSD.org]
> Sent: Wednesday, February 09, 2011 12:53 AM
> To: Rozhuk.IM at gmail.com
> Cc: freebsd-net at freebsd.org
> Subject: Re: divert rewrite
>
> 08.02.2011 19:08, rozhuk.im at gmail.com wrote:
> > Did you try ng_ether + ng_ksocket?
> > It can translate Ethernet frames incapsulated to udp to user space
> receiver.
>
> The idea is catch packets from firewall (ng_ipfw, ng_nat was mentioned
> by mistake) and pass them to user space module that do some processing
> and puts back the packets into firewall (for rules with `diverted'
> keyword).
>
> It works now for IPv4 with `divert' and doesn't with IPv6.
I know how divert works, google: uTPControl ;)
Its simple for developmet, stable, but uses many CPU.
With ng_ether + ng_ksocket you can send custom Ethernet frames.
There is some node that can filter traffic, for IPv6 you need allow 1 or 2 ethernet types to pass.
More information about the freebsd-net
mailing list