Date: Mon, 22 Sep 1997 11:02:43 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
To: alexlh@xs4all.nl
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [Fwd: DIVERT or tun0?]
Message-ID: <199709221802.LAA21297@bubba.whistle.com>
In-Reply-To: <3426AAF3.167EB0E7@whistle.com> from Julian Elischer at "Sep 22, 97 10:29:23 am"

> Can someone explain what the difference is between the tunnel device
> and DIVERT sockets? And why we need them both?

The tunnel device is an interface. You can route packets into and out of it
just like any other interface. In other words, it's a terminus for packets.

Divert sockets are not an interface, but more like a "tap" into the various
packet flows between interfaces.

The main thing you can do with divert sockets that you can't do with an
interface is match packets based on anything that ipfw(8) can match, rather
than just destination IP address (which is the only field the routing code
uses to determine which interface to send a packet out of).

For example, suppose you wanted to pass all packets going to some other IP
network through an encryption layer. With the tunnel device you can't do
this, because when you write the encrypted packet back to the system, it
still has the same destination IP address (so it just loops back out to
your encryption layer again).

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
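
Added example, not part of the original message or of FreeBSD's own code: a minimal divert(4) loop in C showing the "tap" described above, where a packet is read, altered, and written back with its destination address unchanged. The port 5000, the ipfw rule in the comment, and the XOR stand-in for the encryption layer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Stand-in for the encryption layer (assumption): XOR every byte after the
 * IPv4 header. The header, including the destination address, is untouched.
 * Returns the number of payload bytes changed, or 0 if pkt is not valid IPv4. */
size_t transform(uint8_t *pkt, size_t len, uint8_t key) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hl < 20 || hl > len) return 0;
    for (size_t i = hl; i < len; i++) pkt[i] ^= key;
    return len - hl;
}

/* Assumed matching rule (constructed for this example):
 *   ipfw add 100 divert 5000 ip from any to 192.0.2.0/24 out */
int main(void) {
#ifdef IPPROTO_DIVERT                           /* FreeBSD only */
    static uint8_t buf[65535];
    struct sockaddr_in sa;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(5000);                  /* divert port named in the rule */
    if (s < 0 || bind(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
        perror("divert socket");
        return 1;
    }
    for (;;) {
        struct sockaddr_in from;
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) break;
        transform(buf, (size_t)n, 0x5a);
        /* Writing back with the address the kernel supplied re-injects the
         * packet; ipfw resumes after the diverting rule, so it does not loop. */
        if (sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl) < 0)
            perror("sendto");
    }
    close(s);
#else
    fputs("divert sockets require FreeBSD\n", stderr);
#endif
    return 0;
}
```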