Date: Thu, 24 Jan 2013 12:16:54 -0500
From: Jake Guffey <jake.guffey@eprotex.com>
To: ipfw@freebsd.org
Subject: IPFW divert with layer 2 interfaces
Message-ID: <425A98A2-634D-40B8-8D67-6D775D32A499@eprotex.com>

Hi:

I am working on a network appliance based on FreeBSD, IPFW, and Suricata. In the scenario that I'm developing for, I need to divert packets sent over a layer 2 bridge for IPS processing. After reinjection, IPFW passes this traffic back to FreeBSD for layer 3 forwarding. I would like to get this working for layer 2 forwarding across the bridge interface(s) involved.

I saw http://freebsd.1045724.n5.nabble.com/patch-RFC-allow-divert-from-layer-2-ipfw-e-g-bridge-td4008335.html from quite some time ago (2006), and that one of the responders said that he didn't want to commit layer 2 diversion support before layer 2 packet filtering hooks were put in place. To my understanding (please correct me if I'm wrong), the pfil hooks he was referring to are in place now.

Is there something I can do to help make this happen? I am very rusty with C and will probably not be much help coding, but anything else, I'd be glad to do. I suppose that I could give coding this support a shot, with (likely) a bit of hand-holding from you.

The company that I work for has allocated budget for consulting, so I would be glad to help fund development if that's an issue.

Thanks,

Jake Guffey
Network Security Engineer
eProtex
Network medical device security
5451 Lakeview Parkway S Drive
Indianapolis, Indiana 46268, USA
Mobile: 317-220-7100
jake.guffey@eprotex.com
www.eprotex.com