Message-ID: <41ED8D63.8090205@elischer.org>
Date: Tue, 18 Jan 2005 14:27:47 -0800
From: Julian Elischer
To: Brooks Davis
cc: current@freebsd.org
cc: net@freebsd.org
In-Reply-To: <20050118183558.GA15150@odin.ac.hmc.edu>
Subject: Re: [TEST/REVIEW] ng_ipfw: node to glue together ipfw(4) and netgraph(4)

Brooks Davis wrote:

>On Mon, Jan 17, 2005 at 11:06:10PM +0300, Gleb Smirnoff wrote:
>
>>  Dear colleagues,
>>
>>here is quite a simple node for direct interaction between ipfw(4)
>>and netgraph(4). It is going to be more effective and error-prone
>>than a complicated construction around divert socket and ng_ksocket[1].

Firstly.. I was thinking that there are several good ways to mesh the
ipfw/divert/netgraph stuff.

Firstly there is the possibility of making the ipfw stuff a netgraph node itself..
(yes I know there is such a node (based on ipfw-1) out there.)

Then as for getting stuff out of ipfw, maybe divert itself could be changed
to be a netgraph method. In this way, you'd open netgraph sockets instead of
divert sockets.

Alternatively there could be a possibility where netgraph could open hooks of
a particular number and that would be the equivalent of opening a divert hook
of that number..

Looks good but I'm not convinced that it needs a whole new keyword if we tap
in through the divert mechanism.