Date: Fri, 25 Sep 2009 22:40:11 -0400
From: "remodeler" <remodeler@alentogroup.org>
To: freebsd-net@freebsd.org
Subject: Help "layering hooks" to network stack - ngctl
Message-ID: <20090926022715.M6906@alentogroup.org>
I am running a vimage-enabled kernel (8.0) for host/jails, and routing the service jail's vnets with netgraph to a central ng_bridge. I would like to use an SSL VPN to attach remote connections to the ng_bridge after nat'ing.

The three following pseudodevices seem to me like they are interacting with the active network stack (vnet[null]?), but what I am hoping someone can tell me is what order they interact with the packet-flow, or how I control that (or am on a completely wrong track):

(*) OpenVPN uses a tun(4) virtual interface, which is a cloned interface of the physical ethernet interface.

(*) natd(8) uses a divert(4) socket, so it is hooking into the network stack. I could move this out into the netgraph architecture w/ ng_nat, but wonder if natd can be used.

(*) ng_ether, which is a virtual interface and node.

If I enable all three devices (tun, divert, ng_ether) on the network stack, can I control the flow of packets through them (i.e. NIC --> tun --> divert --> ng_ether)?

Thank you in advance.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090926022715.M6906>