Date: Mon, 27 Apr 1998 22:38:20 +0100 From: Brian Somers <brian@Awfulhak.org> To: Julian Elischer <julian@whistle.com> Cc: hackers@FreeBSD.ORG Subject: Re: RFC: IPFW/DIVERT change suggestion. Message-ID: <199804272138.WAA13742@awfulhak.org> In-Reply-To: Your message of "Mon, 27 Apr 1998 00:38:19 PDT." <Pine.BSF.3.95.980427001717.21604K-100000@current1.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[.....]
> What can we do about this?
> 1/ change the semantics of reinjection so that the number presently used
> to indicate the rule to be immune to, is interpretted as the rule after
> which processing should restart. '1' would indicate "start again at the
> beginning. returning the same number as reported by the utility on
> reception (we would report the rule number rather than the port number)
> would make processing restart at the next rule after the divert.
>
> By specifying the correct number you could make processed packets jump
> into a special set of rules (for example).
>
> All present programs need to set the value to that they received,
> which they transparently pass because if they didn't they would
> get rediversion. thus all existing programs would get teh behaviour
> of continuing the examination of packets at the next rule after the
> divert.
>
> This does tie ipfw and divert closer together.
[.....]
I suspect this is the best approach, and is really IMHO a more
intuitive thing, however we've gotta be careful about the breakages
:-)
I've been considering the tun device in this respect too. Currently,
it only transports IP. If we want to support anything else (such as
IPX etc), we need some sort of
struct rawheader {
int sa_family;
int len;
u_char data[4];
};
struct rawheader_divert {
int sa_family;
int len;
int ruleno;
}
struct rawheaer_tun {
int sa_family;
int len;
}
In order to dodge breaking existing stuff, I suspect a RAWHEADER
ioctl should be available - passed a value of 1 or 0 for "on" or
"off". The default is "off" where you get no rawheader and behaviour
is as it currently is. "on" supplies rawheader structs for software
that knows what they are.
> (any other ideas?)
>
> julian
--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
<http://www.Awfulhak.org>;
Don't _EVER_ lose your sense of humour....
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804272138.WAA13742>