Message-Id: <199805230328.UAA22625@hub.freebsd.org>
From: Darren Reed
Subject: Re: Questions about Packet Filter
To: thorpej@nas.nasa.gov
Date: Sat, 23 May 1998 13:26:00 +1000 (EST)
Cc: mike@smith.net.au, lc001@yahoo.com, hackers@FreeBSD.ORG
In-Reply-To: <199805220107.SAA26775@lestat.nas.nasa.gov> from "Jason Thorpe" at May 21, 98 06:07:24 pm

In some mail from Jason Thorpe, sie said:
>
> On Thu, 21 May 1998 16:36:19 -0700
> Mike Smith wrote:
>
> > > 1. Are the ipfilter tools using divert() function that Mike and Dan
> > > mentioned available in somewhere?
> >
> > ipfilter is Darren Reed's in-kernel firewall product.
> >
> > divert(4) is a FreeBSD-native feature. It is not, to the best of my
> > knowledge, emulated by anything else.
>
> Uh... doesn't IP Filter implement a divert(4)-like feature?

Sort of. divert(4) provides complete packets through a socket(2)
interface, so if you want to do NAT or anything else with divert(4),
you incur the overhead of at least two context switches. IP Filter
does as much as it can inside the kernel, with trapping to userland
only for authentication of packets.

Darren