Date: Sun, 21 Nov 1999 18:05:24 -0800 (PST) From: Julian Elischer <julian@whistle.com> To: "Parthasarathy M. Aji" <partha@cs.duke.edu> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Ip _ fw.c Message-ID: <Pine.BSF.4.10.9911211759270.6767-100000@current1.whistle.com> In-Reply-To: <Pine.GSO.4.20.9911211712520.12006-100000@moe.cs.duke.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 21 Nov 1999, Parthasarathy M. Aji wrote: > Thanks Julian. But we are rewriting Kernel src file ip_fw.c (which > does implement the ipfw system call i guess) to do the redirection > automatically for us, because redirection is faster at the Kernel than at > the user level. > Unfortunately I am new to writing code at the kernel level. The main > problem is that I don't know what files specifically I need to rewrite, is > it just ip_fw.c or any ohter files.. I don't know wether just rewriting > the packet ip_dst.s_addr is enough? This is similar to network address > translater except for the fact that our kernel will run on a proxy closer > to the client than to the server.. > There is a NAT module for the ipfilter kernel package. this may do what you want (I've never used it) You need to specify a little more exactly what you wnat to do. There are many ways to do thise things already. what would the proposeed ipfw rule look like? With Netgraph you can now divert to an arbitrary processing node within the kernel without needing a daemon. That may also be of interest to you. (man 8 ng_ksocket) Julian > Partha > > > > > > On Tue, 16 Nov 1999, Julian Elischer wrote: > > > You can use the ipfw "fwd" command > > (man 8 ipfw) > > you need to also run ipfw 'fwd' commands on the servers otherwise they > > will send the packet back to it's original destination. > > > > alternatively you could have no real machine with that address but set a > > loopback interface to the target address on each machine so that > > each machine would accept the packet when it arrived. > > if you want to actually CHANGE the packet then I believe natd can do that > > but I've not done it. > > julian > > > > (p.s. tell more about your set-up and maybe I can be more specific) > > > > > > On Wed, 17 Nov 1999, Parthasarathy M. Aji wrote: > > > > > Hey, > > > i want to do packet filtering and redirection through the > > > kernel. Specifically, My application will be on an intermediate node, > > > through which, I want to redirect every packet that comes through me to a > > > different server. Would you know what files I might want to look into > > > this( like ip_fw.c for eg) etc..? .. > > > > > > Partha > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-hackers" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911211759270.6767-100000>