From owner-freebsd-stable Mon Dec 16 22:58:22 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id WAA04560 for stable-outgoing; Mon, 16 Dec 1996 22:58:22 -0800 (PST) Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id WAA04553; Mon, 16 Dec 1996 22:58:17 -0800 (PST) Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id HAA03735; Tue, 17 Dec 1996 07:13:21 +0100 From: Luigi Rizzo Message-Id: <199612170613.HAA03735@labinfo.iet.unipi.it> Subject: Re: IP masquerading (for a LAN, _not_ PPP) To: julian@whistle.com (Julian Elischer) Date: Tue, 17 Dec 1996 07:13:21 +0100 (MET) Cc: owensc@enc.edu, wangel@wgrobez1.remote.louisville.edu, dnex@access.digex.net, current@freebsd.org, stable@freebsd.org In-Reply-To: <32B5D2C4.41C67EA6@whistle.com> from "Julian Elischer" at Dec 16, 96 02:52:33 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-stable@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > FreeBSD 2.2 includes the feature "DIVERT SOCKETS" > these can be used in conjunction with the ipfw code to > create a translation feature. > > Use the 'divert' keyword with the Ipfw to divert a packet to > a 'divert socket' that is openned by the translation daemon. > the daemon monitors incoming packets and 'fiddles' the headers > accordingly. isn't it a bit expensive ? I mean, do all the packet go to userland where the daemon modifies them and then back to the kernel ? If this is the situation, it sounds like a significant overhead per packet, so you only want to do it at the slow side of a router. Luigi -----------------------------+-------------------------------------- Luigi Rizzo | Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it | Universita' di Pisa tel: +39-50-568533 | via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 | http://www.iet.unipi.it/~luigi/ _____________________________|______________________________________