From: Tom Marcoen
Date: Wed, 27 May 2020 10:06:31 +0200
Subject: On Netgraph
To: freebsd-net@freebsd.org

Hey all,

I'm new to this mailing list and also quite new to FreeBSD (hooray, welcome to me!) so bear with me, please.

I'm reading up on Netgraph on how I can integrate it with FreeBSD jails and I was looking at some of the examples provided in /usr/share/examples/netgraph and now have the following question.

The udp.tunnel example shows an iface point-to-point connection but it is unencrypted. Of course I could encrypt it with an IPsec tunnel on the host or tunnel it through SSH, but I was wondering whether there exists a nice Netgraph solution, e.g. a node with two hooks, receiving unencrypted traffic on the inside hook and sending out encrypted traffic on the outside hook.

Regards,
Tom