From owner-freebsd-net Sun Mar 21 11:39:54 1999
Delivered-To: freebsd-net@freebsd.org
Received: from friley-185-206.res.iastate.edu (friley-185-206.res.iastate.edu [129.186.185.206])
    by hub.freebsd.org (Postfix) with ESMTP id 291FB14E93
    for ; Sun, 21 Mar 1999 11:39:51 -0800 (PST)
    (envelope-from cc@137.org)
Received: from friley-185-205.res.iastate.edu (friley-185-205.res.iastate.edu [129.186.185.205])
    by friley-185-206.res.iastate.edu (Postfix) with ESMTP id DDBF267;
    Sun, 21 Mar 1999 13:39:30 -0600 (CST)
Received: from friley-185-205.res.iastate.edu (localhost [127.0.0.1])
    by friley-185-205.res.iastate.edu (Postfix) with ESMTP id 19005C3;
    Sun, 21 Mar 1999 13:39:30 -0600 (CST)
X-Mailer: exmh version 2.0.2 2/24/98
To: Julian Elischer
Cc: Chris Csanady, freebsd-net@FreeBSD.ORG
Subject: Re: Integrating the NetBSD PFIL hooks..
In-reply-to: Your message of "Fri, 19 Mar 1999 17:36:29 PST." <36F2FB9D.2C67412E@whistle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 21 Mar 1999 13:39:30 -0600
From: Chris Csanady
Message-Id: <19990321193930.19005C3@friley-185-205.res.iastate.edu>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Chris Csanady wrote:
>>
>> What would it take for us to integrate NetBSD's PFIL hooks? It is
>> hard to do much work in the current network stack with so much of
>> the mess that currently exists. At the very least, ip_input.c and
>> ip_output.c would be much cleaner with this mechanism.
>>
>> I'm just wondering what needs to be done, and if it is possible.
>> Ipfilter would already support this, but how about ipfw, dummynet,
>> divert and such? Would the authors of the respective code be
>> willing to help out with the necessary changes?
>>
>> Chris Csanady
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-net" in the body of the message
>
>Certainly
>though I haven't looked..
>It certainly looks like it could use some cleaning.. It's suffering
>from 'evolutionary changes'.
>
>We at whistle have to take a lot of the blame.
>We implemented 'divert' sockets after a suggestion from
>one of the CSRG guys. (forget his name.. the Keith that was
>not a Bostic)
>
>The divert functionality adds a lot of possibilities but it has its
>tentacles all over the place. The 'fwd' option of ipfw has a few
>tentacles reaching as far as tcp_input.

Hmm, I didn't realize that divert was so far reaching. The NetBSD
PFIL stuff basically only provides for input and output hooks at a
single point as far as I can see (in ip_input and ip_output). It
seems like it would be simple to extend the interface to do both
fragments and reassembled packets at the IP layer though.

What is the minimum in terms of filtering points that must exist?

Chris