From: Chrisy Luke
To: David Muir Sharnoff
Cc: freebsd-hackers@FreeBSD.ORG
Date: Tue, 28 Apr 1998 10:33:38 +0100
Subject: Re: Routing problem that I need solved.
Message-ID: <19980428103338.19612@flix.net>
In-Reply-To: <199804280755.AAA11300@idiom.com>
Organization: The Flirble Internet Exchange

David Muir Sharnoff wrote (on Apr 28):
> ipfw add 140 pass through 140.174.37.21 all from 140.174.82/24 to any
> ipfw add 150 pass through 209.66.121.1 all from 209.66.121/24 to any
>
> The semantics of "pass through" are that the next hop for the packet
> will be chosen as if it were bound for the address given. The same rule
> can be deployed throughout my network.

I see what you're trying to achieve. It should be simple to do - though
there will be a penalty hit (although small on a router with only a few
routes) since it will already have scanned the routing tree for a next hop
based on destination. But that's swings-n-roundabouts.

First of all you'd need to pass a pointer to "dst" from
netinet/ip_output.c::ip_output() in the calls to ip_fw_chk().

Then you would need a bit of code in netinet/ip_fw.c::ip_fw_chk() in the
switch (f->fw_flg & IP_FW_F_COMMAND) when it matches a rule to modify the
newly passed "dst" variable. This doesn't require anything like a new
checksum because it's not stored in the packet. The kernel then goes and
arpresolves "dst" for forwarding to a MAC address.

This would achieve it precisely, with the extra logic to get the rule into
the table in the first place, of course.

I was planning on doing something very similar anyway - this is basically a
"forward on FW rule" engine, so you could forward to addresses based on TCP
port, etc. Except I was going to do a multipath one, of course. :-)

Since there's interest, I'll have a go at it today...

Chris.
--
== chris@easynet.net, chrisy@flix.net, chrisy@flirble.org.
== Head of Systems for Easynet Group PLC.
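
The mechanism discussed in this message, as an added user-space model in C (not FreeBSD kernel code and not written by either poster): a matching rule replaces only the address used for next-hop selection, and the packet header stays untouched, which is why no checksum update is needed. The type and function names, the first-match-wins order, and the sample packets are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical model types; these are not FreeBSD kernel structures. */
struct pkt { uint32_t src, dst; };            /* header fields, host byte order */
struct fwd_rule { uint32_t net, mask, via; }; /* source net/mask -> "via" address */

/* The two "pass through" rules quoted in the message, as source-prefix matches. */
static const struct fwd_rule rules[] = {
    { IP4(140, 174, 82, 0), IP4(255, 255, 255, 0), IP4(140, 174, 37, 21) },
    { IP4(209, 66, 121, 0), IP4(255, 255, 255, 0), IP4(209, 66, 121, 1) },
};

/*
 * Return the address the router should use for next-hop selection.
 * A matching rule substitutes its "via" address for the lookup only;
 * the packet is const here, so its header cannot be rewritten.
 * First match wins (an assumption of this model).
 */
uint32_t nexthop_lookup_addr(const struct pkt *p)
{
    size_t i;

    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if ((p->src & rules[i].mask) == rules[i].net)
            return rules[i].via;
    return p->dst; /* no rule matched: ordinary destination-based routing */
}

static void show(const struct pkt *p)
{
    uint32_t s = p->src, a = nexthop_lookup_addr(p);

    printf("src %u.%u.%u.%u: route as if bound for %u.%u.%u.%u\n",
           (unsigned)(s >> 24), (unsigned)(s >> 16 & 255),
           (unsigned)(s >> 8 & 255), (unsigned)(s & 255),
           (unsigned)(a >> 24), (unsigned)(a >> 16 & 255),
           (unsigned)(a >> 8 & 255), (unsigned)(a & 255));
}

int main(void)
{
    /* Constructed sample packets; 192.0.2.1 and 198.51.100.7 are documentation addresses. */
    struct pkt a = { IP4(140, 174, 82, 9), IP4(192, 0, 2, 1) };
    struct pkt b = { IP4(198, 51, 100, 7), IP4(192, 0, 2, 1) };

    show(&a); /* matches rule 140 */
    show(&b); /* matches nothing, routed by destination */
    return 0;
}
```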