From owner-freebsd-ipfw@FreeBSD.ORG  Wed May 10 06:41:21 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 94AA416A401;
	Wed, 10 May 2006 06:41:21 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from mgat.rdu.kirov.ru (mgat.rdu.kirov.ru [85.93.37.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 441EF43D55;
	Wed, 10 May 2006 06:41:18 +0000 (GMT)
	(envelope-from bu7cher@yandex.ru)
Received: from kirov.so-cdu.ru (kirov [172.21.81.1])
	by mail.rdu.kirov.ru (Postfix) with ESMTP id D29BD33B97;
	Wed, 10 May 2006 10:41:15 +0400 (MSD)
Received: from kirov.so-cdu.ru (localhost [127.0.0.1])
	by rdu.kirov.ru (Postfix) with SMTP
	id 4D84E1543B; Wed, 10 May 2006 10:41:15 +0400 (MSD)
Received: by rdu.kirov.ru (Postfix, from userid 1014)
	id 171041539D; Wed, 10 May 2006 10:41:15 +0400 (MSD)
Received: from [172.21.81.52] (elsukov.kirov.so-cdu.ru [172.21.81.52])
	by rdu.kirov.ru (Postfix) with ESMTP
	id 01CDC152A9; Wed, 10 May 2006 10:41:15 +0400 (MSD)
Message-ID: <44618B0A.60504@yandex.ru>
Date: Wed, 10 May 2006 10:41:14 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231)
MIME-Version: 1.0
To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: [patch] ipfw packet tagging
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2006 06:41:21 -0000

Hi, All!

I have written a small patch for a packets
tagging with ipfw.

The description of OpenBSD packet tagging is here:
http://www.openbsd.org/faq/pf/tagging.html

An IPFW tags is not compatible with PF tags.

This feature can be usable with some netgraph modules.
We can create a netgraph node that marks packets with some tags
and use this node with other nodes. IPFW can detect and filter
packets with tags.

Also we can mark packets before NAT and detect tagged packets
after translation.
NAT based on divert sockets do not allow this, but i think
ng_nat can..

Patches can be found here:
http://butcher.heavennet.ru/patches/kernel/ipfw_tags/

-- 
WBR, Andrey V. Elsukov