Date: Wed, 9 Feb 2011 02:47:18 +0800 From: rozhuk.im@gmail.com To: <freebsd-net@freebsd.org> Subject: RE: divert rewrite Message-ID: <4d518fba.26ead80a.02ff.1058@mx.google.com> In-Reply-To: <4D51750A.3070303@FreeBSD.org> References: <4D4DCD1E.1050906@freebsd.org> <AANLkTimtDegcGjzXatEOHjQR9GM_hD29ZiKnkT-zG1_S@mail.gmail.com> <4D4DFC95.9010804@freebsd.org> <4D501198.6090901@FreeBSD.org> <4d516a6a.8937e30a.0996.2f26@mx.google.com> <4D51750A.3070303@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: Sergey Matveychuk [mailto:sem@FreeBSD.org] > Sent: Wednesday, February 09, 2011 12:53 AM > To: Rozhuk.IM@gmail.com > Cc: freebsd-net@freebsd.org > Subject: Re: divert rewrite >=20 > 08.02.2011 19:08, rozhuk.im@gmail.com wrote: > > Did you try ng_ether + ng_ksocket? > > It can translate Ethernet frames incapsulated to udp to user space > receiver. >=20 > The idea is catch packets from firewall (ng_ipfw, ng_nat was mentioned > by mistake) and pass them to user space module that do some processing > and puts back the packets into firewall (for rules with `diverted' > keyword). >=20 > It works now for IPv4 with `divert' and doesn't with IPv6. I know how divert works, google: uTPControl ;) Its simple for developmet, stable, but uses many CPU. With ng_ether + ng_ksocket you can send custom Ethernet frames. There is some node that can filter traffic, for IPv6 you need allow 1 or = 2 ethernet types to pass.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4d518fba.26ead80a.02ff.1058>