From owner-freebsd-hackers Fri Mar 16 8:40:43 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from filk.iinet.net.au (syncopation-dns.iinet.net.au [203.59.24.29]) by hub.freebsd.org (Postfix) with SMTP id A300137B718 for ; Fri, 16 Mar 2001 08:40:39 -0800 (PST) (envelope-from julian@elischer.org) Received: (qmail 24957 invoked by uid 666); 16 Mar 2001 16:41:54 -0000 Received: from i078-113.nv.iinet.net.au (HELO elischer.org) (203.59.78.113) by mail.m.iinet.net.au with SMTP; 16 Mar 2001 16:41:54 -0000 Message-ID: <3AB1C2E4.576D2760@elischer.org> Date: Thu, 15 Mar 2001 23:38:12 -0800 From: Julian Elischer X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 5.0-CURRENT i386) X-Accept-Language: en, hu MIME-Version: 1.0 To: Nick Rogness Cc: freebsd-hackers@freebsd.org Subject: Re: natd divert injecting clarifications References: Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Nick Rogness wrote: > > Just to be sure I have it right. When the kernel diverts the packet to > natd, via ipfw: > > 1) kernel sends packet to natd > 2) natd read() the packet > 3) natd screws with it (changes dest addr,etc) > 4) natd write() the packet > 5) kernel reinjects the packet back into the firewall > > That's what I could get out of divert(4) and some of the natd source. > Bare with me...I'm a novice programmer. > > Is this correct? yes there are some extra bits: there is some extra information hidden in the 'address' field that natd gets alongside the data. That includes the rule number that did the divert. If the same information is fed back then the data is reinjected just after the rule that caused the divert. > > Nick Rogness > - Keep on routing in a Free World... > "FreeBSD: The Power to Serve!" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message -- __--_|\ Julian Elischer / \ julian@elischer.org ( OZ ) World tour 2000-2001 ---> X_.---._/ v To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message