Date: Fri, 16 Mar 2001 09:56:27 +0200
From: Ruslan Ermilov <ru@FreeBSD.org>
To: Nick Rogness <nick@rogness.net>
Cc: net@FreeBSD.org
Subject: Re: natd divert injecting clarifications
Message-ID: <20010316095627.C62097@sunbay.com>
In-Reply-To: <Pine.BSF.4.21.0103151635120.5717-100000@cody.jharris.com>; from nick@rogness.net on Thu, Mar 15, 2001 at 09:48:24PM -0600
References: <Pine.BSF.4.21.0103151635120.5717-100000@cody.jharris.com>

[Redirected to -net]

On Thu, Mar 15, 2001 at 09:48:24PM -0600, Nick Rogness wrote:
>
> Just to be sure I have it right.  When the kernel diverts the packet to
> natd, via ipfw:
>
> 1) kernel sends packet to natd
> 2) natd read() the packet
> 3) natd screws with it (changes dest addr,etc)
> 4) natd write() the packet
> 5) kernel reinjects the packet back into the firewall
>
> That's what I could get out of divert(4) and some of the natd source.
> Bear with me...I'm a novice programmer.
>
> Is this correct?
>
Pretty much correct.

1) kernel sends packet to divert socket
2) natd reads from divert socket
3) natd screws with it
4) natd writes the packet to divert socket; the packet is treated
   as a completely new entity
5) divert socket's output routine reinjects the packet back "into
   the normal kernel IP packet processing", not into firewall

<PS>
Such questions are best answered on -net
</PS>

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message