Date: Tue, 08 Feb 2011 21:46:22 +0300 From: Sergey Matveychuk <sem@FreeBSD.org> To: Julian Elischer <julian@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: divert rewrite Message-ID: <4D518F7E.3020804@FreeBSD.org> In-Reply-To: <4D517775.6090107@freebsd.org> References: <4D4DCD1E.1050906@freebsd.org> <AANLkTimtDegcGjzXatEOHjQR9GM_hD29ZiKnkT-zG1_S@mail.gmail.com> <4D4DFC95.9010804@freebsd.org> <4D501198.6090901@FreeBSD.org> <4d516a6a.8937e30a.0996.2f26@mx.google.com> <4D51750A.3070303@FreeBSD.org> <4D517775.6090107@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
08.02.2011 20:03, Julian Elischer wrote: >> 08.02.2011 19:08, rozhuk.im@gmail.com wrote: >>> Did you try ng_ether + ng_ksocket? >>> It can translate Ethernet frames incapsulated to udp to user space >>> receiver. >> >> The idea is catch packets from firewall (ng_ipfw, ng_nat was mentioned >> by mistake) and pass them to user space module that do some processing >> and puts back the packets into firewall (for rules with `diverted' >> keyword). > > yes, however did you try the ipfw netgraph keyword and the ng_ipfw node? > I have also been wondering it it might not make sense to simpply > replavce the diver code with > a netgraph equivalent.. Using the ng_ipfw node one can almost do it with > no changes as it is. I've tried ng_socket+ng_ipfw. It gets incoming packets, but outgoing packets drops because of a tag having lost after leaving kernel space. It looks like a magic can be done with ng_tag node, but really I could not tame it. > >> >> It works now for IPv4 with `divert' and doesn't with IPv6. > > yes, I'm pondering the right fix for that.. I'm first to test it please :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D518F7E.3020804>