From owner-freebsd-hackers Wed Jan 29 12:06:48 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA18309 for hackers-outgoing; Wed, 29 Jan 1997 12:06:48 -0800 (PST)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA18302 for ; Wed, 29 Jan 1997 12:06:43 -0800 (PST)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id MAA12629; Wed, 29 Jan 1997 12:47:25 -0700
From: Terry Lambert
Message-Id: <199701291947.MAA12629@phaeton.artisoft.com>
Subject: Re: ipdivert & masqd
To: archie@whistle.com (Archie Cobbs)
Date: Wed, 29 Jan 1997 12:47:25 -0700 (MST)
Cc: terry@lambert.org, archie@whistle.com, ari.suutari@ps.carel.fi, brian@awfulhak.demon.co.uk, hackers@freebsd.org, cmott@srv.net
In-Reply-To: <199701291924.LAA24150@bubba.whistle.com> from "Archie Cobbs" at Jan 29, 97 11:24:32 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > > Can I get a quick sanity check on something... the divert code is
> > > programmed under the assumption that ip_input() and ip_output()
> > > can never sleep (i.e., no other packet can be treated before the
> > > function returns). This is true, right?
> >
> > For the divert handler, you mean? Yes.
>
> Then I don't understand how ip_divert_ignore can ever be incorrectly
> set (i.e., non-zero)... if you look at ip_divert.c, you see the only
> place that it is ever set to a non-zero value is before the outgoing
> packet is delivered, via a call to either ip_input() or ip_output()
> (in the function div_output()). Then it gets reset to zero after
> either of these functions returns.
>
> Am I missing some subtlety in there?

...I ....I ...I don't know *that*! *sproing* Yeeeeeaaaaarrrrrrggggggghhhhhhhhh!

Actually, I think it's so the outbound packet doesn't get rediverted
by that particular handler, but you *can* chain handlers. For instance,
say I wanted to chain a cleanwall, a firewall, and an IP proxy server
and they were all in separate divert modules.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.