From: Julian Elischer
Date: Tue, 31 Jul 2007 17:37:13 -0700
To: "Christian S.J. Peron"
Cc: freebsd-net@freebsd.org, "Bruce M. Simpson", rwatson@freebsd.org
Subject: Re: divert and deadlock issues

Christian S.J. Peron wrote:
> On Tue, Jul 31, 2007 at 04:22:41PM -0700, Julian Elischer wrote:
> [..]
>> Originally we wanted a way to be able to inject any kind of
>> IP packet that could be generated, because the aim was to
>> allow a user agent to do arbitrary processing on packets. However,
>> to be really correct, a divert injection should occur at the position of
>> the firewall
>> where diversion occurs but there is no way to do that and anyhow they need
>> to get some of the internal state added to them before they get there, so
>> putting them in via ip_output seemed the way to go.
>>
>> I've never had much to do with multicast, so I'm not sure if it makes sense
>> to inject there, but if you wanted to divert multicast packets
>> and change them slightly, and then reinject them, it would be a blow
>> to discover that you couldn't.
>
> Well, it's still the intent to keep the ability to divert and re-inject
> multicast packets. This change would basically say: "You can't specify
> multicast options via the divert socket". Which in practice doesn't
> happen anyway (where I looked).
>
> I don't think we should be specifying multicast options on divert sockets.
> It's not the right place to be manipulating multicast parameters. Multicast
> parameters should be set on the sockets that originally transmitted or
> received the packets. I don't think divert falls into this category.
>

OK, if you can divert out a multicast packet, fix something in it, and then
reinject it, and have it DTRT, then that's fine.