Date: Fri, 15 Oct 2004 11:26:22 +0400
From: Gleb Smirnoff
To: Julian Elischer
Cc: Andre Oppermann, net@freebsd.org
Subject: Re: small tun(4) improvement
Message-ID: <20041015072622.GC53159@cell.sick.ru>
In-Reply-To: <416F0A7E.70207@elischer.org>
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Oct 14, 2004 at 04:23:42PM -0700, Julian Elischer wrote:
J> yes I know, that's how we wrote divert.. (to be independent) netgraph
J> came later..
J> I guess we would have done divert differently if we had done netgraph
J> first..
J> probably would have given ipfw a "hook" command that sent
J> packets out a netgraph hook to whatever was attached.. hmm that could
J> still be really useful...

I have a snap code doing this. I have temporarily abandoned that node
because I can't imagine a way to put packets back to ipfw. ipfw is a
function, which processes a packet and returns. netgraph may queue packets.
How can it inject them back into ipfw, so that

1) it is checked from the next rule, not first
2) it will be returned to ip_(input|output)

?

J> a netgraph NAT module anyone?

In far plans. First we need to solve the above problem with ipfw and
netgraph interaction.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE