[TEST/REVIEW] ng_ipfw: node to glue together ipfw(4)
brooks at one-eyed-alien.net
Wed Jan 19 08:53:35 PST 2005
On Wed, Jan 19, 2005 at 03:34:26PM +0300, Gleb Smirnoff wrote:
> On Wed, Jan 19, 2005 at 11:16:01AM +0100, Andre Oppermann wrote:
> A> > On Wed, Jan 19, 2005 at 01:32:35AM -0800, Julian Elischer wrote:
> A> > J> If each active divert socket number had a pointer to the module to which it
> A> > J> was attached then you could divert to either in-kernel netgraph targets or
> A> > J> to userland socket based targets. Currently of you divert to a divert
> A> > J> 'port number' and nothing is attached to it, the packet is dropped.
> A> > J> If a divert socket is attached to it, it is sent ot teh socket.
> A> > J> I would just suggest that is not a great leap of imagination that
> A> > J> attaching to a hook named 3245 would attach a netgrpah hook to the ipfw
> A> > J> code in the sam enamespace as the divert portnumber, and that a
> A> > J> subsequent attempt to attach a divert socket to that port number woild
> A> > J> fail. The packets diverted there would simply go to the netgraph hook
> A> > J> instead of going to a socket or being dropped.
> A> >
> A> > I understand your idea now. I'll work in this direction.
> A> I like Julian's idea. And if you look at the mtag's the only thing that
> A> is extracted is the rule number for divert, dummynet and netgraph (your
> A> patch). Ideally this should be merged into one tag if possible and not
> A> an architectual hack.
> When writing node, I was thinking about merging this into one tag. However, I
> expected negative response to this idea, from other developers.
> Anyone else agree that these tags should be merged?
Off the top of my head, I don't like the idea. What are the savings in
doing so? Is there a guarantee that you won't need more then one at
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20050119/43d764dd/attachment.bin
More information about the freebsd-net