Date: Wed, 29 Jan 1997 12:47:25 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: archie@whistle.com (Archie Cobbs)
Cc: terry@lambert.org, archie@whistle.com, ari.suutari@ps.carel.fi, brian@awfulhak.demon.co.uk, hackers@freebsd.org, cmott@srv.net
Subject: Re: ipdivert & masqd
Message-ID: <199701291947.MAA12629@phaeton.artisoft.com>
In-Reply-To: <199701291924.LAA24150@bubba.whistle.com> from "Archie Cobbs" at Jan 29, 97 11:24:32 am

> > > Can I get a quick sanity check on something... the divert code is
> > > programmed under the assumption that ip_input() and ip_output()
> > > can never sleep (i.e., no other packet can be treated before the
> > > function returns). This is true, right?
> >
> > For the divert handler, you mean? Yes.
>
> Then I don't understand how ip_divert_ignore can ever be incorrectly
> set (i.e., non-zero)... if you look at ip_divert.c, you see the only
> place that it is ever set to a non-zero value is before the outgoing
> packet is delivered, via a call to either ip_input() or ip_output()
> (in the function div_output()). Then it gets reset to zero after
> either of these functions returns.
>
> Am I missing some subtlety in there?

...I ....I ...I don't know *that*!

*sproing*

Yeeeeeaaaaarrrrrrggggggghhhhhhhhh!

Actually, I think it's so the outbound packet doesn't get rediverted
by that particular handler, but you *can* chain handlers.

For instance, say I wanted to chain a cleanwall, a firewall, and an
IP proxy server and they were all in separate divert modules.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.