Date: Wed, 10 May 2006 10:41:14 +0400 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: [patch] ipfw packet tagging Message-ID: <44618B0A.60504@yandex.ru>
next in thread | raw e-mail | index | archive | help
Hi, All! I have written a small patch for a packets tagging with ipfw. The description of OpenBSD packet tagging is here: http://www.openbsd.org/faq/pf/tagging.html An IPFW tags is not compatible with PF tags. This feature can be usable with some netgraph modules. We can create a netgraph node that marks packets with some tags and use this node with other nodes. IPFW can detect and filter packets with tags. Also we can mark packets before NAT and detect tagged packets after translation. NAT based on divert sockets do not allow this, but i think ng_nat can.. Patches can be found here: http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ -- WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44618B0A.60504>