Date:      Thu, 15 Mar 2001 23:38:12 -0800
From:      Julian Elischer <julian@elischer.org>
To:        Nick Rogness <nick@rogness.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: natd divert injecting clarifications
Message-ID:  <3AB1C2E4.576D2760@elischer.org>
References:  <Pine.BSF.4.21.0103151635120.5717-100000@cody.jharris.com>

Nick Rogness wrote:
> 
> Just to be sure I have it right.  When the kernel diverts the packet to
> natd, via ipfw:
> 
> 1) kernel sends packet to natd
> 2) natd read() the packet
> 3) natd screws with it (changes dest addr,etc)
> 4) natd write() the packet
> 5) kernel reinjects the packet back into the firewall
> 
> That's what I could get out of divert(4) and some of the natd source.
> Bear with me...I'm a novice programmer.
> 
> Is this correct?

yes

there are some extra bits:

there is some extra information hidden in the 'address' field
that natd gets alongside the data. That includes the 
rule number that did the divert. If the same information is fed back
then the data is reinjected just after the rule that caused the divert.

> 
> Nick Rogness <nick@rogness.net>
> - Keep on routing in a Free World...
>   "FreeBSD: The Power to Serve!"
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000-2001
---> X_.---._/  
            v
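
Added example, not part of the original message and not natd's own code: a minimal C pass-through loop for the five steps listed above, handing the received address back unchanged so the kernel resumes just after the diverting rule. It assumes FreeBSD with an ipfw divert rule pointing at the chosen port (8668 is natd's registered default), and that the rule number arrives in sin_port in host byte order.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Rule number carried in the divert address.
 * Assumption: the kernel stores it in host byte order, so no ntohs(). */
unsigned divert_rule(const struct sockaddr_in *sa) { return sa->sin_port; }

/* Steps 2-4: read one packet, optionally modify it, then write it back with
 * the SAME address so reinjection continues after the diverting rule.
 * Returns that rule number, or -1 on error. */
int relay_one(int fd)
{
    unsigned char pkt[65535];
    struct sockaddr_in from;
    socklen_t len = sizeof(from);

    memset(&from, 0, sizeof(from));
    ssize_t n = recvfrom(fd, pkt, sizeof(pkt), 0, (struct sockaddr *)&from, &len);
    if (n < 0)
        return -1;
    /* A translator such as natd would rewrite pkt here and fix checksums. */
    if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&from, len) != n)
        return -1;
    return (int)divert_rule(&from);
}

int main(int argc, char **argv)
{
#ifdef IPPROTO_DIVERT
    struct sockaddr_in b;
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    memset(&b, 0, sizeof(b));
    b.sin_family = AF_INET;
    b.sin_port = htons(argc > 1 ? atoi(argv[1]) : 8668); /* divert port */
    if (fd < 0 || bind(fd, (struct sockaddr *)&b, sizeof(b)) < 0) { perror("divert"); return 1; }
    for (;;) {
        int rule = relay_one(fd);
        if (rule < 0) { perror("relay"); return 1; }
        printf("packet reinjected after rule %d\n", rule);
    }
#else
    (void)argc; (void)argv;
    fprintf(stderr, "IPPROTO_DIVERT is not available on this platform\n");
    return 1;
#endif
}
```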
