From owner-freebsd-net@FreeBSD.ORG Tue Feb 8 18:47:30 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 636A3106567A for ; Tue, 8 Feb 2011 18:47:30 +0000 (UTC) (envelope-from rozhuk.im@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id C1A198FC08 for ; Tue, 8 Feb 2011 18:47:29 +0000 (UTC) Received: by wwf26 with SMTP id 26so6086897wwf.31 for ; Tue, 08 Feb 2011 10:47:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:reply-to:from:to:references:in-reply-to:subject :date:message-id:mime-version:content-type:content-transfer-encoding :x-mailer:content-language:thread-index; bh=1gWB84YkZbT+AGlVBvFyHC6g6jZg+FCibE3gRJ1yZDM=; b=o05K2wn1anRFlVYXr9HjekdHn2zraWjYtpJro0/w8uxrGzr8RaCr02vPNAzbT9EIct rR8cTbFDXDqxj8XQ/2wznw3OlydZxQAoect43eoAskbvGN2VwV8U2L+NXxmg+1NAozmo 6c7xwqrmRtM/jPpgAHn58UhjxWErRgyDKK734= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=reply-to:from:to:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:x-mailer :content-language:thread-index; b=hCxKDXryv8o2XE0aG5Iv2jdxzkAzjxuQKoVglvWOWIBNB4GCJ6PkrE17L2kycNweTS R5uywqL1KwoDEZp/iF/xXVqhWyhexIw5+FOgKiVDqmKhAiUnulo1dfQJBTxPtXv1P7Kq mkd/Xe/dkwCgd/8tvFsswbDYq7pL/yGfcGhvE= Received: by 10.216.89.5 with SMTP id b5mr9890873wef.63.1297190842590; Tue, 08 Feb 2011 10:47:22 -0800 (PST) Received: from rimwks1x64 ([95.189.10.18]) by mx.google.com with ESMTPS id r38sm3012129weq.23.2011.02.08.10.47.20 (version=SSLv3 cipher=RC4-MD5); Tue, 08 Feb 2011 10:47:22 -0800 (PST) From: rozhuk.im@gmail.com To: References: <4D4DCD1E.1050906@freebsd.org> <4D4DFC95.9010804@freebsd.org> <4D501198.6090901@FreeBSD.org> <4d516a6a.8937e30a.0996.2f26@mx.google.com> <4D51750A.3070303@FreeBSD.org> In-Reply-To: <4D51750A.3070303@FreeBSD.org> Date: Wed, 9 Feb 2011 02:47:18 +0800 Message-ID: <4d518fba.26ead80a.02ff.1058@mx.google.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Content-Language: ru Thread-Index: AcvHsLcV3k/Dt9dQSxWHGgSEstfyRQADqirA Subject: RE: divert rewrite X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Rozhuk.IM@gmail.com List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2011 18:47:30 -0000 > -----Original Message----- > From: Sergey Matveychuk [mailto:sem@FreeBSD.org] > Sent: Wednesday, February 09, 2011 12:53 AM > To: Rozhuk.IM@gmail.com > Cc: freebsd-net@freebsd.org > Subject: Re: divert rewrite >=20 > 08.02.2011 19:08, rozhuk.im@gmail.com wrote: > > Did you try ng_ether + ng_ksocket? > > It can translate Ethernet frames incapsulated to udp to user space > receiver. >=20 > The idea is catch packets from firewall (ng_ipfw, ng_nat was mentioned > by mistake) and pass them to user space module that do some processing > and puts back the packets into firewall (for rules with `diverted' > keyword). >=20 > It works now for IPv4 with `divert' and doesn't with IPv6. I know how divert works, google: uTPControl ;) Its simple for developmet, stable, but uses many CPU. With ng_ether + ng_ksocket you can send custom Ethernet frames. There is some node that can filter traffic, for IPv6 you need allow 1 or = 2 ethernet types to pass.