From owner-freebsd-net Thu Nov 8 17: 0:27 2001
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9]) by hub.freebsd.org (Postfix) with ESMTP id AA52937B427 for ; Thu, 8 Nov 2001 17:00:22 -0800 (PST)
Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id QAA77839; Thu, 8 Nov 2001 16:40:33 -0800 (PST)
Date: Thu, 8 Nov 2001 16:40:32 -0800 (PST)
From: Julian Elischer
To: Archie Cobbs
Cc: cjclark@alum.mit.edu, Luigi Rizzo, freebsd-net@FreeBSD.ORG
Subject: Re: Fixing ipfw(8)'s 'tee'
In-Reply-To: <200111082338.fA8NcBK41060@arch20m.dellroad.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Got Margaret's invitation to dinner.
I'm not sure if Dalma has responded yet, but we'd be delighted..
have to let Dalma look in her diary though..

On Thu, 8 Nov 2001, Archie Cobbs wrote:

> Crist J. Clark writes:
> > The issue may be that you wish to make a decision on the packet in
> > later rules. For example, someone might wish to 'tee' all traffic to
> > and from a certain machine to some unspecified traffic monitoring
> > program listening on the divert socket. However, all of the traffic
> > to and from that IP address may or may not be allowed by the security
> > policy. With 'tee' as it exists, one cannot catch _all_ of the traffic
> > (whether or not allowed by policy) and still apply policy.
>
> Yes, this is how 'tee' should work. It was really hard to do at the
> time for some reason that I can't recall... I think because the
> interface between ip_input.c and ip_fw.c doesn't handle one packet
> splitting into two packets like that.. but maybe things have
> gotten better since then.
>
> -Archie
>
> __________________________________________________________________________
> Archie Cobbs * Packet Design * http://www.packetdesign.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>